GDPR Is Coming Soon … and Companies Aren’t Ready
The E.U. General Data Protection Regulation will impact all companies that have customers in Europe, but many organizations haven’t started preparing for it.
95% of the executives surveyed are aware that they need to comply with the GDPR, and 85% have reviewed its requirements.
79% believe their data is as secure as it can be.
64% don’t know that a customer’s date of birth is personally identifiable information (PII).
42% don’t know that email marketing databases contain PII.
32% don’t consider physical addresses as PII.
21% don’t view a customer’s email as PII.
66% were dismissive about the amount they could be fined if they didn’t comply with the GDPR. They believe reputation and brand equity damage are the biggest risks.
Only 33% of the executives surveyed knew that GDPR fines could be as high as €20 million, or 4% of their company’s worldwide annual revenue of the prior financial year.
Despite being aware of the huge GDPR fines for noncompliance, one in five respondents said that the fine “wouldn’t bother them.”
Only 14% of the executives surveyed knew that the loss of EU customer data is the responsibility of both the company and service providers.
51% incorrectly believe that fines are imposed only on EU data owners, and 24% incorrectly think that they affect only service providers.
31% of respondents said the CEO should lead, and 27% said the CISO should take charge. 22% said a board-level executive should participate. Yet, only 21% have a senior-level executive involved.
The GDPR mandates that businesses implement state-of-the-art security technologies appropriate to the risks they face.
34% have implemented advanced capabilities to identify intruders.
33% have invested in data leak prevention technologies.
31% have employed encryption technologies.