Dell Survey Shows Organizations Lack Awareness and Preparation for New European Union General Data Protection Regulation (GDPR)
Dell today announced results of a global survey on the European Union’s new General Data Protection Regulation (GDPR), revealing that organizations ‒ both SMBs and large enterprises ‒ lack general awareness of the requirements of the new regulation, how to prepare for it, and the impact of non-compliance on data security and business outcomes.
Designed to strengthen protection of personal data for all EU citizens, the new regulation goes into effect in May 2018 and affects companies of all sizes, in all regions, and in all industries. Those not fully compliant when GDPR goes into effect risk significant fines, potential breaches and loss of reputation.
Survey results show that 82 percent of global IT and business professionals responsible for data security at both SMBs and enterprises are concerned with GDPR compliance. Although the majority of global IT and business professionals express compliance concerns, respondents lack general awareness of GDPR, and they are neither prepared for it now, nor expect to be when it goes into effect.
Results further show that while organizations realize failure to comply with GDPR will impact both data security and business outcomes, they are unclear on the extent of change required, the severity of penalties for non-compliance, and how changes will affect the business. Seventy-nine percent say they would not, or were not aware whether their organization would, face penalties in its approach to data privacy if GDPR had been in effect this past year.
Additional findings show that most organizations don’t feel well-prepared across security disciplines for GDPR compliance.
Best practices help successfully address GDPR requirements and avoid the consequences of non-compliance
The EU GDPR was adopted by the European Parliament and Council this year, and becomes fully effective in 2018. Below are tips and strategies to help organizations adhere to security disciplines needed for GDPR regulations, so they can protect customer personal information, and avoid the data breaches, heavy fines and loss of reputation that may result from non-compliance:
In the survey, conducted by Dimensional Research, 821 IT and business professionals responsible for data privacy at companies with European customers responded to questions about awareness, perception and readiness for GDPR, and the expected impact of non-compliance when GDPR comes into force in May 2018. The survey was conducted across the United States, Canada, Asia Pacific (Australia, Hong Kong, Singapore, India), United Kingdom, Germany, Sweden, Belgium, The Netherlands, France, Italy, Spain and Poland. Business executives at organizations with fewer than 100 employees also completed the survey.
John Milburn, vice president and general manager, Dell One Identity Solutions
“The European Union General Data Protection Regulation is the first update to European data protection laws since 1995, when the Internet was in its infancy and the constantly evolving cyber threats we know today did not exist. This survey reinforces the global lack of general understanding of GDPR, the scope of the regulation, and what organizations need to do to avoid stringent penalties. Results also show that while some organizations “think” they are prepared, they will be in for a rude awakening if they experience a breach or must face an audit and are subject to the consequences of non-compliance with GDPR.”
Patrick Sweeney, vice president, product management and marketing, Dell SonicWALL
“This new regulation provides uniform data protection rights across the EU, and, to be in compliance, both European organizations and those outside of Europe that do business there must adopt an adaptive, user-centric, layered security model approach around the tenets of prevent, detect, respond and predict. To be GDPR-compliant, they need security solutions that enable them to prevent attacks, detect a potentially dangerous presence in their networks, respond quickly to that threat, and analyze and report on the health of their networks in real time.”
"Don't put off early consideration of GDPR by the two-year implementation period. The scale, complexity, cost and business criticality of GDPR means that it will take (at least) two years for most companies to achieve full compliance. Most companies need to start now."1
1 “Executive Brief on GDPR: A Primer for Getting Started Towards Compliance,” by Duncan Brown, IDC, March 2016
Dell Technologies is a unique family of businesses that provides the essential infrastructure for organizations to build their digital future, transform IT and protect their most important asset, information. The company services customers of all sizes across 180 countries – ranging from 98 percent of the Fortune 500 to individual consumers – with the industry’s most comprehensive and innovative portfolio from the edge to the core to the cloud.