If you’re not already feeling the heat of compliance-regulatory scrutiny, there’s another cybersecurity-related acronym that just joined the list. Add to PCI, SOX, GLB, and HIPAA the European Union General Data Protection Regulation, or GDPR. Those of you outside of the EU may be scratching your heads at that and saying, “Well, that doesn’t apply to me,” but you’d be wrong if any of your customers live in the EU. The new regulation goes into effect in early 2018, and will have broad scope and impact for those who deal at all with the sensitive data of any EU citizen.
More specifically, anyone who stores, processes, or transmits the personal data of European Union citizens is required to comply with GDPR – even if you or your organization aren’t based in the EU. In a recent survey on the new regulation and organizational preparedness in the realm of IT and data security, most respondents said they lacked sufficient knowledge about it and do not feel prepared. Not surprisingly, most of the underprepared were outside of the EU, although there are both types on either side of the Atlantic. The ones that did respond that they felt prepared shared competency advantages in the area of security technology that supported their confidence, strengthening their chances of not getting hit with a violation fine and/or other sanctions.
Key Findings of the GDPR Survey
The GDPR survey results show that IT and business professionals responsible for data security lack general awareness of the new regulation, and many organizations are neither prepared for it now, nor expect to be even by the time it goes into effect. Also noteworthy:
- More than 60 percent of respondents say they are aware something is going on with GDPR, but they know little to nothing about it.
- Only 4 percent of respondents outside of Europe said they are “very knowledgeable” about the details of GDPR, while just 6 percent of those in Europe said they are very familiar with the requirements.
- Fewer than 1 in 3 companies feel they are prepared for GDPR right now.
- Nearly 70 percent of respondents say their organization is “definitely not” or “don’t know” if their organization is prepared for GDPR today, and only 3percent of these have a readiness plan in place.
- Less than 50 percent of respondents say they feel confident they’ll be ready when GDPR kicks off in 2018, while only 9 percent expect to be fully prepared in time.
It’s possible to survive the “alphabet avalanche,” as well as the new EU data protection regulation, say experts, if your IT security readiness is up to par. No sweat, right? Well, you first have to have competent and reliable IT experts in your corner, preferably as a vCIO or MSP (managed services provider) who can dial in all of your network parameters and requirements, and make loss of sleep over regulatory compliance a thing of the past.
For More Help on Regulatory Compliance Readiness
For more information and help regarding the new regulatory compliance, you can speak to an expert at PNJ Technology Partners, which is a proven leader in providing IT security and compliance readiness in Albany. Contact a representative at (518) 459-6712 or send us an email at info@pnjtechpartners.com today, and we can help you with all your questions or concerns.
