Businesses feel burden of preparing for the EU’s GDPR
Over two thirds of IT professionals surveyed say they need to invest in new technologies or services to help prepare their business for the impact of GDPR
Ipswitch™ released the results of a European survey that polled 300 IT professionals* to see how their businesses were preparing for the new European Union (EU) General Data Protection Regulation (GDPR). The regulation is designed to unify and simplify data protection across 28 EU countries and includes severe penalties for non-compliance of up to two percent of a company’s annual global turnover. The GDPR draft has been passed by EU Parliament and is due to become law by the end of 2015. It is expected to impact any organisation which collects, stores, processes and shares personal data on employees, customers or partners.
The Burden of GDPR
Over two thirds (68 percent) of IT professionals say that keeping up to date with changing data protection regulatory requirements is a financial burden on their business. British businesses feel most strongly about this (77 percent), compared with 66 percent in France and 61 percent in Germany.
69 percent of IT professionals believe they will need to invest in new technologies and services to help them prepare for the impact of GDPR. 62 percent think they will need to invest in encryption technologies, 61 percent in analytic and reporting technologies, 53 percent plan to invest in perimeter security technologies and 42 percent in file sharing technologies.
Over half (51 percent) report that their business has already allocated training budget to help staff understand and comply with GDPR. However, just under a third (30 percent) have not. Almost one fifth (19 percent) have no idea whether training budget has been allocated. Businesses in France report the most instances of training budget having been allocated (56 percent), compared to 49 percent in Germany and 48 percent in the United Kingdom.
Exactly half of IT professionals also say they have allocated internal training resource to help staff understand and comply with the new regulation. However, almost one third (32 percent) have no internal resource allocated for this yet. The United Kingdom is the least prepared here, with 40 percent having made no provision compared to their German (33 percent) and French (24 percent) counterparts.
Awareness of GDPR and Data Use
Whilst over two thirds (69 percent) of IT professionals acknowledge that GDPR will impact their business, almost one fifth (18 percent) still have no idea whether changes in the regulation will apply to them. This is despite confirming that they do store and process personal data.
These numbers are, however, an improvement on awareness of the regulation at this time last year, when a GDPR compliance survey conducted by Ipswitch revealed that more than half (56 percent) of respondents could not accurately identify what ‘GDPR’ meant.
Overall, 90 percent of those surveyed said that their businesses store personal data, 86 percent process personal data and over a third (40 percent) share data externally. 62 percent of those that share personal data use email to do so. A quarter are using portable storage such as USBs or CDs, almost a quarter (22 percent) use the postal system and 43 percent use cloud-based file sharing websites.
David Juitt, chief security architect at Ipswitch, commented:
“It’s encouraging to see that there is far greater awareness of the changes than at this time last year. Just over half of businesses are starting to prepare with training courses for staff. However, whilst IT professionals recognise the need to align data protection regulation to keep up with modern data sharing practices and the globalisation of data, it is clear that compliance comes at a price for most. Whilst many are trying to prepare by organising training and assigning resource, there’s clearly a very large expectation of a need to invest in technologies including managed file transfer systems like Ipswitch MOVEit™ that meet stringent security and compliance requirements.”
The Ipswitch MOVEit™ managed file transfer system helps IT teams support GDPR requirements in the following ways:
Protecting Personally Identifiable Information (PII)
· Support for secure open standard transfer protocols
· End-to-end encryption, guaranteed delivery and non-repudiation
· Automated file management policies
· Automated file exchange
· Managed ad hoc exchange
· Policy-based file access and data loss protection (DLP)
Managing System Exposure
· High availability and disaster recovery
· Monitoring and reporting for auditing and forensics
· Trading partner provisioning and management
*The 2015 GDPR Ipswitch survey was conducted by technology research firm Vanson Bourne during July 2015 and polled 300 IT professionals. Survey responses include 100 responses from the UK, 100 responses from France, and 100 responses from Germany.