November 20, 2017, updated 21 Nov 2017 10:40am

Training and tech spending top priorities for GDPR compliance

Approximately 35% of EU firms are already in line with GDPR stipulations.

By CBR Staff Writer

Prudent technology spending is crucial to meeting GDPR standards by the 2018 deadline, but one in four privacy professionals in Europe doubt their company will be ready in time, according to new research.

Investment in training is the number one action to avoid fines over non-compliance with the GDPR, the report from the International Association of Privacy Professionals (IAPP) and Ernst & Young confirms. Other necessary steps include appointing a Data Protection Officer (DPO) before the May 25 implementation date.

Failing to prepare for data breach notification is the highest concern among survey respondents, whereas inability to carry out data inventory and mapping came in second. In third place are not obtaining data subject consent and improperly handling international data transfers.

Analysts estimate the cost of enabling customers to request Fortune 500 companies to find and delete data held on them could hit $7.8bn, the FT reports. This amounts to a rough average of $16m outlay per organisation.

Companies failing to comply with the Brussels regulation would face a fine of €20 million or four percent of the firm’s annual global turnover, whichever is greater.

Stateside data security managers are on the whole more optimistic than their European counterparts, with 84% of US respondents confident of GDPR compliance by late May. Research suggests EU privacy bosses are either more honest or possibly lacking in resources, with one in four admitting their firm will likely miss the summer deadline. This figure stands despite organisations saying they have upped privacy budgets, hired additional privacy staff and increased spending on new technology, as well as increasing privacy training.

Lack of clarity on the GDPR’s implications is a roadblock for companies. A third of respondents (32%) said the biggest barrier to compliance is the sheer complexity of the GDPR. However, this is mainly a concern of US companies, with 38% of stateside privacy professionals ranking this aspect as their main concern. EU respondents name inadequate budget as their greatest hurdle, with legal complexity a close second. One in five of all respondents believe “too little time” could stand in the way of GDPR compliance.

The report revealed that companies are already making key changes to their data management infrastructure. Encouragingly, a quarter of participants (24%) stated they were least concerned about non-compliance owing to lack of a DPO, most likely because they have already appointed one. Analysts estimate that 35% of EU respondents are already in compliance with the stipulation for a dedicated DPO.

Trevor Hughes, president of the IAPP, said hiring lawyers and consultants in a bid to beat non-compliance risks is “a rolling cost”. Mr Hughes said: “May 2018 is by no means the end point as companies will have to invest in educating their employees in the new data framework”.

IAPP surveyed 498 privacy professionals, most of whom work for organizations headquartered in either the United States (44%) or the European Union (including the United Kingdom, 44%). 4% were Canadian and just over 3% from non-EU countries in Europe.
