EU Businesses Aren’t Just Unprepared for GDPR… They’re Underpreparing

Computing UK conducted a study in February 2016 that revealed some startling facts about EU businesses’ lack of preparedness for the GDPR.

Only 20% felt “well prepared” for the changes ahead, 44% were unaware (or only vaguely aware) of the new rules, and 53% weren’t sure whether new infrastructure or software to comply with GDPR would be a necessary investment of their money and time.

Now, nearly 9 months later, a new report has shown that a whopping 96% of 900 EU companies still don’t fully understand the GDPR, while 91% have concerns about becoming compliant by May 2018.

It’s possible that their concerns are unjustified, especially considering that a new Symantec report states that 90% of businesses think it’ll be difficult to delete customer data, and only 40% of companies have a system in place that would allow them to do so safely and easily.

Kevin Isaac, SVP and Head of Sales, EMEA, Enterprise Security at Symantec, explains: “There is a significant disconnect between how important privacy and security is for consumers, and its priority for businesses. The good news is there’s still time to remedy the situation – if firms take immediate action.”

What’s more alarming is Symantec’s finding that 35% of business and IT decision makers think their employers aren’t taking an ethical approach to securing and protecting customer data.

These reports reveal that not only are businesses unprepared for GDPR, but they are underpreparing for one of the largest privacy regulatory updates in more than a decade.

If GDPR were already in effect today, approximately 21% of businesses believe they would be penalized for non-compliance, and nearly 25% believe they would be forced to implement a new data protection solution.

The PCI Security Standards Council warns that UK businesses alone could incur up to £122B in penalties for data breaches when new EU legislation comes into effect.

While some organizations consider GDPR regulations a nuisance, a change in consumer mindset is what should be the driving force behind companies’ willingness to better prepare for compliance.

Symantec’s report also found that 88% of European consumers think data security is the most critical factor when choosing a company with which to do business, and 86% think that protection of their data is more important than the quality of the company’s product or service.

Ultimately, if privacy integrity and large financial penalties aren’t enough to convince your team to prepare for GDPR, perhaps the prospect of losing customers will be motivation enough.