Do you know if your business is GDPR compliant, or if you even need to comply?
The GDPR compliance deadline fast-approaching and many organisations, including Australian companies, are ill-prepared due to uncertainty about the criteria for compliance.
This is according to a new report conducted by independent market research firm, Vanson Bourne.
The survey, which examines the views of more than 1,600 organisations across the globe, was revealed by WatchGuard Technologies, a provider of network security solutions.
The global survey explores how well global as well as Australian organisations understand Europe’s General Data Protection Regulation (GDPR).
The findings indicate widespread confusion about GDPR compliance criteria and an overall lack of preparation.
According to the GDPR criteria, any company that stores or processes personal information about EU citizens must comply.
37% of respondents globally and 36% of organisations in Australia simply don’t know whether or not their organisation needs to comply with GDPR, while more than a quarter (28%) of global respondents believe their organisation doesn’t need to comply at all.
In contrast, 50% of Australian organisations do not believe their organisation needs to comply with the GDPR deadline.
Of the respondents who don’t believe the law applies to their organisation, one in seven (14%) globally collect personal data from EU citizens.
This indicates that not only is there a general lack of awareness about GDPR, but companies are also misinterpreting which types of data constitute a mandate for compliance.
“Australian business will feel the impact of GDPR once enforcement of the new legislation comes into force,” says Paul Sadler, APAC Marketing Manager, WatchGuard Technologies.
“However, the data shows that a worrying number of organisations are still unaware or mistaken about the necessity for GDPR compliance. In Australia, just 13% of organisations believe they’ll need to comply.”
“With sensitive customer data and noncompliance fines at stake, every company with access to data from European Union citizens needs to ensure they truly comprehend the ramifications of GDPR.”
While many organisations have been aware of GDPR for some time, just 17% of Australian respondents believe their company is currently 100% ready for its inception.
However, 50% of respondents in Australia stated that they don’t actually know how close their organisation is to compliance.
67% of Australian respondents believe that their organisation will need to make significant changes to their IT infrastructure in order to comply.
Respondents from organisations that are not yet GDPR compliant estimate it will take an average of seven months to complete the requirements.
However, Australians claimed that they would need double this time to complete the requirements.
The GDPR compliance deadline is set for May 25, 2018.
In order to bridge the gap, nearly half (48%) of all respondents are seeking, or might seek, compliance assistance from an outside party.
In comparison, just one in three Australian organisations will seek external assistance.
“Penalties for noncompliance are steep and the deadline is just around the corner,” says Corey Nachreiner, chief technology officer of WatchGuard.
“Companies stand to lose four percent of their worldwide revenue if they haven’t met all the requirements by next May.”
“The only way to prevent unnecessary fines and frustration is to take a good hard look at the criteria, assemble a GDPR plan of action and begin implementing it immediately.”