The majority of IT professionals are aware of the European General Data Protection Regulation (GDPR) but nearly 60% of companies are either not preparing or are unaware of the changes, according to a new survey.
The survey, carried out at RSA 2017 by Imperva, found that just 43% of companies are preparing for the coming changes, 29% were not preparing, and 28% were unaware of any specific preparations being made.
GDPR is designed to protect the privacy of European citizens and applies to every business that collects personal data on citizens of the European Union. The law comes into effect on the 25th of May 2018.
Terry Ray, chief product strategist at Imperva, said: “U.S. companies should be evaluating the impact GDPR will have on their data practices, given the major fines for non-compliance.”
“Companies need to begin the GDPR legwork now by documenting how personal data is collected and processed in their organisations. From what we’ve seen in working with our clients on GDPR readiness, the projects are complex and involve multiple teams, technologies and systems.”
The survey of 170 security professionals also found that in spite of the lack of preparation, 51% believed that the coming changes would impact their businesses, a third believed that it would, 11% were unsure, and 5% did not know what GDPR was.
Organisations are currently focussed on GDPR because of the fines that can come with failing to protect citizens' data. The EU has stated that fines could be in the range of €20 million or 4% of total worldwide annual turnover, meaning larger companies could potentially face billions of dollars in fines.
When asked who was driving the move to ensure GDPR compliance, 49% of survey respondents stated that the legal department was in charge, whilst only 8% revealed that the IT department was in charge.
GDPR was adopted on April 27th 2016, and will come into full effect next year.