According to a new survey, more than 70 percent of European CIOs and IT managers are still concerned – at least to some extent – that their organizations may not be able to meet the compliance deadline for the General Data Protection Regulation (GDPR).
This data point is one of the findings released today by NetApp from its research into European cloud adoption, security and GDPR compliance. The study found significant gaps in understanding and sense of urgency as organizations prepare for the May 25th, 2018, GDPR deadline. Only 37% of respondents so far have invested extra funds in data regulation compliance – a figure that should be much higher to prepare businesses for a data-driven future and to fend off crippling fines.
Other key findings from the survey of 750 CIOs and IT managers from France, Germany and the UK show:
• The responsibility for data compliance is not always clear.
• Comprehensive understanding of what is involved in the GDPR is lacking.
• GDPR preparation moves slowly.
Companies are struggling with the responsibilities for compliance:
The crux of meeting the GDPR deadline is compliance. While the originator of data remains the owner, under GDPR anyone who processes that data is also responsible. However, 51% of the respondents say responsibility for compliance rests with the company that produces the data, 46% say it is in the hands of the company that processes the data and 37% of survey participants believe responsibility for data compliance is in the hands of third-party cloud providers. All of these parties will be individually responsible for the data they handle and the survey respondents’ multiple answers indicate a basic understanding of this ‘shared responsibility’ for personal data. But the low figures also demonstrate an air of uncertainty among EMEA’s CIOs and IT Managers.
Businesses are increasingly aware of GDPR, but more education is needed:
Compounding the confusion over compliance is the lack of comprehensive understanding of what is involved in the GDPR. Understanding is highest in Germany, but only 17% of respondents there say they fully understand GDPR. France is second with 15%, followed by the UK with 12%. The majority of base respondents say they have ‘some’ understanding of the GDPR (47%), and with only a year until the 2018 deadline, 9% still say they ‘don’t know’ what GDPR is. This lack of understanding is mirrored by 73% of base respondents admitting to having some concerns about the looming deadline, which threatens businesses with a large fine if regulations aren’t met.
Preparation for GDPR is slow-moving:
The clock is ticking, and only a third (37%) of respondents across Europe say they are investing extra funds in preparation for the GDPR deadline. Germany is taking GDPR preparations most seriously, with over a quarter of respondents (27%) saying they’ve already hired specific personnel with data protection expertise; France is second with 20%, and the UK follows with 17%. However, 14% of base respondents have yet to make any preparations at all. These preparations will prove essential given the rising power of data for businesses. As IDC figures predict, there will be an exponential growth in data, with 80 billion devices expected to connect to the internet by 2025.
Compliance is a low priority:
When it comes to cloud adoption, a little more than a quarter of respondents (29%) regard compliance with regulation as a key motivation. This suggests that businesses are still not focused on the issue of compliance – even when it comes to major business decisions like cloud adoption.
Dr. Dierk Schindler, Head of EMEA Legal & Global Legal Shared Services at NetApp, comments: “As the cloud continues to transform the way we do business, the GDPR is a landmark piece of legislation. It lays the foundations for our data-driven future and provides a strong incentive for all enterprises which process EU citizens’ data to build a robust data privacy compliance framework. C-suite staff and IT managers, however, are still uncertain when it comes to data compliance, which is both striking and concerning as it lies at the heart of GDPR. Their understanding of compliance and their ability to embrace the responsibility for any data they handle will directly affect their capacity to fend off future fines. With only half of the NetApp survey’s base respondents having at least ‘some’ understanding of what GDPR is, we have a long way to go – and only a year to do it.”