D3 Security is a sponsor of the newly released 2018 GDPR Compliance Report. The report was produced by Cybersecurity Insiders, and comprises results from a survey of more than 500 IT, cybersecurity, and compliance professionals about how their organizations are readying themselves for GDPR, which takes effect in a matter of weeks.
We recommend that you read the report to get the complete picture. In this post, we’ll highlight a few of the key findings.
Something we have heard over and over during the countdown to GDPR is that organizations are not ready to be compliant. The report confirms this claim, with 60% of respondents saying they have either not started the compliance process or are not confident of achieving compliance in time for the May 25, 2018, enforcement date. Some respondents speculated they would only need a few months to become compliant; alarmingly, 14% said it would take them more than four years.
If so many organizations are unprepared for GDPR, the question becomes: why? What is preventing organizations from making the necessary changes, when the potential consequences of non-compliance are so high? The study reveals some of the reasons. 43% of respondents said a lack of experts with critical skills was an important factor. 40% cited a lack of budget. Despite a wealth of literature emerging during the lengthy lead-up period, limited understanding of GDPR remains an issue. 25% said they have limited or no familiarity of the specifics of the regulation.
The mandate of GDPR is so broad, that it will impact many groups within large organizations, including compliance, IT, and legal. D3’s primary domain is security—although we facilitate cross-departmental workflows—so were interested to read how survey respondents expected GDPR to affect their security teams. 25% said their Information Security team would have primary ownership of GDPR compliance, second only to IT. 84% expect changes to their security practices and systems as a result of GDPR, with 28% of those expecting substantial change.
As we previously described in a solution guide, D3 can be an important part of any organization’s GDPR compliance plan. D3 supports the strict breach reporting timeline with tools to rapidly detect, assess, and remediate incidents. D3 also helps establish repeatable compliant processes for investigations, reporting, and secure cross-department workflows—just to name a few GDPR-relevant features.
Read the GDPR Compliance Report to get a complete sense of how companies are preparing (or not preparing) for GDPR.