“Only 5% of organisations claim to be ready for European Union’s GDPR” discovers BSI’s latest research study
Research conducted by BSI has underlined the growing concern that European businesses are simply not ready for the General Data Protection Regulation (GDPR). Even though 97% of organisations admit that the implementation of the GDPR will affect their business, just 5% say they’re fully prepared for the new regulation, with 33% stating that they’re just over halfway towards compliance.
The European Union’s (EU) GDPR comes into effect on Friday 25 May and will require all organisations to comply with stricter rules concerning the data protection and privacy of data subjects (ie citizens) within the EU. Any failure to comply could result in fines of up to €20 million or 4% of an organisation’s annual global turnover, with supervisory authorities fully expected to crack down extremely hard to encourage greater compliance.
The research from the Cyber Security and Information Resilience division of BSI has found that European businesses are aware of the looming deadline, but far from ready. Over half of organisations surveyed highlighted their concern regarding the role of their employees in GDPR compliance, with one-in-five businesses revealing that they had experienced a data-compromising incident in the past 12 months. The Data Protection Commissioner reported 2,795 valid data security breaches in 2017. That’s an increase of 26% from 2016.
The research also revealed that one-in-five senior managers are actively engaged with the GDPR on behalf of their organisation, 36% are allocating a substantial level of resources to meet GDPR requirements and 97% of organisations admit that the GDPR will affect the way in which they conduct their business.