Only 20% of UK organisations consider themselves to be GDPR-ready, despite the data protection law having already come into force on the 25th May.
Meanwhile, EU-based organisations, excluding the UK, are twice as likely to consider themselves compliant as US firms are, at 27% versus 12%, according to new research.
Another 27% haven’t actually reached the implementation phase of their compliance strategy, according to security firm TrustArc’s survey of 600 IT and legal professionals with a role in data protection policy in the UK, US and EU, conducted in the middle of June.
Moreover, while the majority of UK organisations expect to be fully compliant by the end of 2018, 25% anticipate not being compliant until 2019 or beyond.
“While the amount of effort was immense for the deadline of the 25th May, there is substantive work yet to complete to achieve initial compliance as well as monitor and maintain compliance on a repeatable and efficient ongoing basis,” said TrustArc’s CEO, Chris Babel.
The lack of preparedness across the UK, EU and US should be of concern given that the new set of data protection laws carries a maximum fine of up to €20 million, or 4% of global annual turnover, whichever is higher, for breaches.
But fines haven’t played as prominent a role as the press coverage has suggested, according to the researchers, with only 38% of UK organisations saying financial penalties comprised one of the key motivators for investing in compliance.
Rather, the biggest motivators included meeting customer expectations, true for 58% of UK companies, while supporting company values, 47%, and meeting partner or third-party expectations, 41%, comprised the other main drivers.
More than two-thirds of companies have spent above $100,000 to date on compliance, and 67% expect to continue spending this amount through to the end of the year, investing in internal and external personnel, training, consulting, legal advice, technology and new tools.
Most respondents saw the new data protection laws as having a positive impact on business, compared to 15% claiming GDPR will affect them negatively.
Medium-sized companies were most likely to see GDPR as a benefit, with 71% receiving the data protection laws positively, while the same was only true for a little over half of large businesses, 51%.
“There is a lot of work yet to be done in order for all companies to achieve full GDPR compliance, as well as for them to monitor, maintain and demonstrate ongoing compliance in a repeatable and efficient manner,” Babel added.
“The good news is that companies realise that the effort and expense will have a positive effect on their businesses and is well worth the investment.”
Through the deployment of Mobile Device Management solutions such as SOTI and Samsung Knox, businesses of all sizes and verticals could show good GDPR practice for their mobile device fleets. We find many businesses are forgetting that, from a GDPR point of view, the mobile fleet is just as important to protect as in-house IT, if not more so.
We can assist you with solutions for your customers and the best practices for testing, deployment and post-sales service. Email firstname.lastname@example.org for a copy of our ‘5 stages to the successful sale and deployment of Mobile Device Management (MDM)’.