Approximately nine months separate us from the entry into force of the GDPR, the new European regulation on the protection of personal data, yet awareness of this change among organizations and companies is still very low. According to a survey conducted by NTT Security, many business executives around the world appear to be unaware of the implications of the new regulation, and of those who do say they are aware, less than half say that being GDPR compliant is important to their company. The picture is quite critical, as it concerns not only companies based in Europe, but also all those that have business relations with Europe.
NTT Security’s survey of 1,350 IT executives from 11 countries found that only four in ten (40%) global respondents believe their organization will be subject to GDPR, and as many as one in five (19%) admit they don’t know what regulations their organization is subject to. Looking outside the EU: just a quarter of business executives in the U.S., 26% in Australia and 29% in Hong Kong believe they are subject to GDPR, although the regulation will apply to any company that processes data from European citizens.
What is probably not clear to all respondents is that the GDPR is already in effect! May 25, 2018 is the date from which it will begin to be enforced, with hefty fines for those not in compliance (up to €20 million or 4% of annual global turnover).
Other data analyzed by NTT Security reveals even more disturbing aspects: one-third of respondents say they don’t know where their corporate data is stored; of the remainder, less than half say they are “fully aware” of how the new regulatory requirements will affect data storage in their organization. Ranked by level of knowledge and awareness, organizations in the banking and financial services sector, as well as information technology and services companies, are at the top. It is no coincidence that many IT services companies, such as IT solutions, are building on this awareness to position themselves as consultants that help other organizations adapt to the principles of the GDPR.