New research by Censuswide captures the preparedness levels of organizations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as their perceptions of the new regulation’s business impact.
Intended to improve personal data protection and increase accountability for data breaches, GDPR is a comprehensive data privacy standard to date. However, the regulation presents a significant challenge for organizations that process the personal data of EU citizens, regardless of where the organization is headquartered. This means that any US organization that handles data belonging to EU citizens will be required to be GDPR compliant when the regulation comes into force in May 2018.
According to the findings, around 35% of US organizations already don’t believe they will be fully prepared for GDPR in time for the deadline. In addition, US organizations are apprehensive about the GDPR’s impact on their business.
“The results of this survey are not surprising – with so many data breaches the consumers are legitimately afraid that their data is not protected enough. So, GDPR will force companies to do what they should have done already on their own: secure the valuable information they handle. Taking this point a step further, companies might realize now that investment in cybersecurity could bring them competitive advantage: they will avoid huge costs of a data breach, and attract new customers once the consumers realize their data is being treated properly. Just as you wouldn’t service your car with a workshop you don’t trust, people will stop giving their data to companies who take information security too lightly,” said Dejan Kosutic, GDPR & Information Security Expert at Advisera.com.
Key concerns for US businesses
- Just over 56% believe that implementing measures to become GDPR compliant will increase the levels of complexity and red tape within their business.
- Approximately 45% are concerned that the GDPR will hinder their organization’s innovation to some degree.
- Almost 18% expect the GDPR to have a negative impact on relationships with their international partners.
- Interestingly, while roughly 20% believe the GDPR will lead to fewer data breaches, 49% are concerned that its implementation will actually result in an increased number of breaches.
Although US businesses have several concerns surrounding GDPR, over half (approximately 53%) remain optimistic that the GDPR will have no effect on their business operations whatsoever. Along the same lines, over a third of businesses (35%) suggest that a GDPR-type regulation is definitely required for handling the personal information of US citizens.
Jim DeLorenzo, Solutions Manager, GDPR, Thales eSecurity says: “Organizations that are not prepared for the GDPR would be remiss to think that this regulation won’t impact their business operations. In fact, if organizations fail to comply, they could face multiple legal challenges as well as staggering fines, consequences that will undoubtedly garner negative attention. With so many US businesses having a global reach, it’s imperative that American business leaders understand the ramifications of not complying with the GDPR.”
The research also examined consumer privacy and control concerns in the UK and Germany. The results reveal that almost half (47%) of consumers believe commercial organizations don’t care about their privacy, and that two in five (42%) don’t trust anyone to keep their personal information private.