With the EU General Data Protection Regulation (GDPR) set to come into force on 25 May next year – in less than six months’ time – the majority of organisations and security professionals are worried about achieving compliance with the law.
According to research conducted by IT security firm Varonis, 60 per cent of EU and 50 per cent of US cyber security specialists have concerns about the new data protection regulation.
The study identified readiness and attitudes around the GDPR, which will change the way that organisations handle personal data, particularly customer data.
Varonis’s research among more than 500 cyber security pros in the UK, Germany, France and the US found that more than half of professionals (57 per cent) are concerned about the new law.
While organisations have until 25 May 2018 to achieve compliance – or risk heavy fines – as many as 38 per cent of respondents said they don’t see the deadline as a priority for their organisation.
Many, though, claim that the law will be an opportunity. In fact, 74 per cent of professionals believe that adherence to the law will help improve their competitiveness.
In the UK, 58 per cent of companies and professionals view data protection by design as a major challenge. They believe it’s the hardest aspect of the new law, with the ‘right to erasure’ of personal data following behind.
One in four US respondents, on the other hand, believe that they don’t need to comply with GDPR.
As for existing compliance, 36 per cent of organisations in the UK, 35 per cent in Germany and 42 per cent in France suggested that they were already ready.
“It’s encouraging to see progress made surrounding the GDPR, and yet it’s deeply concerning that more than half of the organisations surveyed continue to face compliance challenges,” said David Gibson, chief marketing officer at Varonis.
He continued: “The GDPR represents a significant change in the way data must be handled. It’s alarming that so many respondents simply aren’t worried, especially given that many organisations are not tackling the biggest problems and best practices around data collection, management and protection.”
He added that organisations can’t really avoid it. “Ignorance is not bliss when it comes to the GDPR, and organisations that have fallen behind in their preparations must ramp up their compliance activities or they could take a serious financial hit once the regulations take effect.”
Greg Day, vice president and chief security officer of EMEA at Palo Alto Networks, added: “Like any new legislation, it will take time for businesses to understand the impact these regulations will have on their business. All carry potentially significant penalties for infringement.
“2018 will be a big year for businesses in getting to grips with what each of these means when it comes to applying cybersecurity and managing ongoing requirements.”