One in three global businesses believe that the impact of GDPR could threaten their existence.
With six weeks to go until the General Data Protection Regulation (GDPR) deadline on 25 May 2018, NetApp’s global research has found that the 1,106 IT decision makers surveyed across France, Germany, the United States, and the UK are united in their concerns. One-third of respondents say that the impact of noncompliance with GDPR puts the survival of their business at stake. At the same time, two-thirds of respondents expressed some level of concern about achieving compliance by the deadline.
· 35% of global businesses think that GDPR could threaten their existence, while 51% think that it could lead to damage to their reputation.
· 67% of global businesses are concerned that they will not meet the deadline.
· Only 40% of global businesses have confidence in knowing where their data is stored.
High levels of awareness: Businesses view noncompliance fines as a serious threat
With only 45 days to go, global businesses are well aware of the impact of noncompliance. Over one-third (35%) of global IT decision makers say that financial penalties could put their business’ survival at risk. This number is even higher in the United States (40%) and in the UK (41%). Meanwhile, 34% of French and 26% of German respondents believe that the fines for noncompliance could mean the demise of their business.
Global respondents also shared their views on potential damage to their reputation. This concern is most pertinent in the UK, where 56% of respondents say the impact of noncompliance will cause reputational damage to their business, followed by the United States with 52%, France with 49%, and Germany with 45%.
Strong motivation for GDPR preparation: Global concerns over GDPR deadline prevail
The GDPR deadline applies to all businesses that deal with the personal data of EU citizens, sparking high levels of concern among global IT decision makers; 67% think that their businesses may not be compliant until after the deadline. U.S. IT decision makers are the least optimistic, with over three-quarters (76%) expressing some level of concern about meeting the deadline. Their European counterparts are not far behind, with 74% of UK respondents and 60% of German respondents echoing these concerns. French businesses are the least concerned (59%). Across Europe, almost two-thirds (64%) express concern – a number that has decreased by only 9% over the past 15 months: In a NetApp survey from early 2017, 73% of respondents in Europe said they had concerns. Motivation for further preparation ahead of the deadline is now high, with businesses working to alleviate their concerns.
Still time for improvement: Lack of confidence in knowing where data is stored adds to concern
Under GDPR, every business that deals with the personal data of an EU citizen must know where their data is stored at all times. This knowledge is the first step toward GDPR compliance. However, the survey shows that knowledge levels are low globally, with only 40% of respondents stating that they can say with confidence where all of their data is stored. U.S. respondents are the most confident (52%). Across Europe, confidence is much lower (just 35%), which is only 10% higher compared to NetApp’s survey results in 2017. Germany is the least confident, with only 33% saying that they know where all their data is stored, with the UK and France coming in at 39% and 34% respectively.
Alex Wallner, NetApp Senior Vice President and General Manager EMEA, says, “We have known for a long time that GDPR is coming and would have hoped that the level of concern among businesses these days would be minimal. That clearly is not the case, even though the GDPR, data compliance, and privacy questions will undoubtedly affect businesses that touch EU citizens’ data. But there is good news, in spite of the approaching deadline: The whole ecosystem is responding to the requirements of GDPR, from resellers to hyperscale cloud providers to manufacturers. Enterprises can tap into this expertise, build up resources, and future proof businesses with GDPR compliant data management.”