With the General Data Protection Regulation (GDPR) deadline approaching — deadline is set for May 25, 2018 — a new study from WatchGuard Technologies has found that many organizations are confused and unprepared.
GDPR criteria shows that any company that stores or processes personal information about EU citizens must demonstrate compliance.
The study, which examined the views of more than 1,600 organizations across the globe, showed that 37% of respondents simply do not know whether or not their organization needs to comply with the GDPR. More than a quarter (28%) believe their organization doesn’t need to comply at all.
In addition to a general lack of awareness, many organizations are misinterpreting which types of data constitute a mandate for compliance. Of those who stated they don’t believe the GDPR applies to their company, 14% collect personal data from EU citizens, and 28% who were unsure about GDPR compliance also collect this type of information.
This misunderstanding means companies are not prepared for its inception. Only 10% of respondents reported that they are completely ready.
“Once enforcement for this new legislation begins, companies all over the world will feel its impact,” said Corey Nachreiner, Chief Technology Officer of WatchGuard in a statement. “Unfortunately, the data shows that an alarming amount of organizations are still unaware or mistaken about the necessity for GDPR compliance, leaving them three steps behind at this stage. In the Americas alone, just 16% of organizations believe they’ll need to comply. With sensitive customer data and noncompliance fines at stake, every company with access to data from European citizens needs to ensure they truly understand GDPR and its ramifications.”