A quarter of European firms have no idea GDPR is coming their way, survey shows

New consent rules, broadened European privacy rights, fines going up to millions of euros, as well as stricter procedures and public disclosure in cases of data breach - those are just some of the changes that will come into force as part of the General Data Protection Regulation (GDPR) in May 2018.

Despite the significance of these changes, a large number of companies have no idea what is coming their way with little more than a year till the deadline. As demonstrated by an IDC Research survey* conducted on behalf of ESET, a quarter (25%) of the 700 surveyed European companies admitted they were not aware of GDPR and more than half (52%) of them were unsure of the impact on their organization.
Even after shifting the focus to those that were aware of the regulation, the picture didn’t get much rosier. Every fifth (20%) firm in the survey hadn’t begun preparing for GDPR yet, and almost another 60% were still getting their systems in line with the new rules, leaving only 21% ready for the changes.
This is surprising, especially given the potential consequences businesses will face in case of non-compliance. Nowadays, costs of data breaches appear to remain in the lower six-figure range, at least according to IDC Research’s surveying. A quick comparison with the coming penalties may put the near future into perspective.
35% of the organizations that suffered a data breach in the last two years reported losses of between €25.000 and €250.000, and most (32%) put losses between €10.000 and €25.000. However, fines and rules on public disclosure imposed by GDPR can potentially increase financial risks after May 2018 to millions of euros.
The new regulation sets maximum fines as high as €20 million or 4% of a company’s annual turnover if the company violates GDPR rules related to breaches of data protection principles, conditions for consent, customers’ or employees’ rights or international data transfers.
This means a significant increase in risk, but the regulation itself also suggests “proper means” that can help businesses mitigate it. Encryption is named as one of the technologies that can help protect data and ease some of the obligations.
Also, costs for implementing encryption at SMBs – starting around tens of euros per seat per year – are significantly lower than the potentially devastating fines companies face under GDPR.
In this regard, with only a year left until GDPR enters into force, IDC has also looked into the state of encryption and its use amongst the surveyed businesses. It found that file encryption has been implemented in 46% of the firms and is desired by 36%. Compared to that, full-disk encryption is reportedly in use in only 38% of the companies, and desired by a third of them (34%).