UK firms less confident than U.S. counterparts in complying with GDPR
16 May 2018
New research by Webroot has shed light on the preparedness of organisations based in the UK, the United States and Australia in adjusting to new data security measures and complying with their respective data security legislations.
A survey of 600 IT decision makers at mid-sized businesses with 100 to 499 employees in the U.S., the UK, and Australia revealed that 95 percent of such businesses believe stronger data protection policies, such as the GDPR, which will take effect on May 25, and the Australian Notifiable Data Breaches (NDB), which came into effect on February 22, will lead to fewer breaches. Even so, only 42 percent are ready to comply with those policies.
IT decision makers in the UK not confident enough
At the same time, while nearly 99 percent of IT decision makers in the UK said their organisations are GDPR compliant, only 15 percent of them feel confident that their fellow employees are equipped to comply with GDPR. Also, only 18 percent of such decision makers were not very confident about providing all information on EU citizens within one month of request. However, 95 percent of them did express some level of confidence in complying with such requests.
In contrast, 78 percent of IT decision makers in the United States feel confident that their fellow employees are equipped to comply with data security regulations, and 19 percent of them from Australia feel the same way.
A survey of 406 cyber security professionals commissioned by Tripwire and carried out by Dimensional Research in November last year had also revealed that only 18 percent of all organisations were fully ready to abide by the 72-hour breach notification window as mandated by the GDPR.
Despite the lack of readiness, 77 percent of cyber security professionals expressed confidence that their organisations could meet the 72-hour deadline once GDPR comes into effect. 24 percent of them went so far as to state that they could notify customers of a data breach within the first 24 hours, let alone 72 hours.
In both cases, confidence expressed by IT decision makers in complying with GDPR requirements in the UK is not in sync with their relative preparedness. However, the survey revealed that despite the gap in ‘perceived readiness’ and ‘real-time readiness’ of organisations in complying with the 72-hour breach notification window, organisations were comparatively better placed when it came to storing and handling customer data.
“While it doesn’t come as much of a surprise that each respective country is focused on its own citizens’ data, organisations have to remember that in a global marketplace, their business impacts citizens beyond their own borders. We’re focused on offering our managed service partners solutions such as user training and endpoint protection to comply with the global regulations aimed at keeping data safe,” said Megan Shields, Data Protection Officer at Webroot.
Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines.