Survey Shows Customers Are Behind, Misinformed On GDPR Compliance
When it comes to GDPR, customers aren't moving as quickly as they should be to become compliant with the new regulation. Many don't even know if they have to, according to a recent survey.
The survey of 1,600 organizations by WatchGuard Technologies found that 37 percent of respondents didn't know if their organization has to comply with the new General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, and has sweeping implications for companies who don't comply.
The survey found that, of the 37 percent who didn't know if the regulation applied to them at all, around 14 percent did collect personal data from EU citizens. That means they fall under the list of companies that must comply with the new regulation in less than a year. Twenty-eight percent of respondents said they were unsure if they collected applicable information.
[Related: 5 Things Partners Need To Know About New GDPR Regulations]
GDPR brings new requirements and regulations around data privacy, collection, management, and more for companies collecting and processing data on European Union citizens. The ultimate goal is to create better data privacy and protections. The regulations apply to companies that collect data on EU citizens and those that process data on behalf of those companies. That means the new rules could impact both solution providers and their customers.
Penalties for not complying are steep – ranging from a written warning to mandated regular data protection audits, to financial sanctions of up to 4 percent of a company's yearly revenues. The penalties are tiered based on what measure companies failed to meet.
Overall according to the survey, 10 percent of businesses believe they are totally compliant with the new regulations. Almost half – around 44 percent – said they didn't know how close to compliance they were.
Jeremy Wittkop, CTO of Greenwood Village, Colo.-based InteliSecure, said he has been urging all of his customers to see if they need to comply with the GDPR regulations.
"I tell everyone that will listen to me that they should," Wittkop said. He said companies are "running out of time," and that he is already starting to hear boards of directors start to put the pressure on their IT teams to get up to speed.
Wittkop said the response from customers differs. He said companies are being "willfully ignorant," thinking they don’t need to comply. Others, especially multi-national corporations, are "certainly investing very heavily" to meet the new requirements, he said.
Wittkop said InteliSecure is teaming up with some of its vendor partners, including Cisco and Commvault, to offer a webinar on the topic to get the word out. He said he expects regulators will look to enforce regulations quickly to "wake people up and take it seriously."
"There are some people in the U.S. especially that need to be concerned about this," Wittkop said. "The stakes are high. It's kind of a game of Russian roulette or chicken … I don't know that I would want to play that game."