Spiceworks, the professional network for IT, today announced the results of a new survey that explores how IT departments are preparing for the General Data Protection Regulation (GDPR) due to go into effect in May 2018.
The research, GDPR: The Impact on IT, reveals that IT professionals in the U.K. are more prepared and informed about GDPR than the rest of the EU and the U.S. IT departments in the U.K. are also more supportive of GDPR, despite being the most concerned about potential fines.
The results show 40 per cent of organisations in the U.K. have started to prepare for GDPR, compared to only 28 per cent in rest of the EU and 5 per cent in the U.S. Additionally, only 5 per cent of IT professionals in the U.K., two per cent in rest of the EU, and two per cent in the U.S. believe their company is fully prepared for GDPR. Forty-three per cent of IT professionals in the U.S. don’t believe the changes will impact their organisation at all, compared to only three per cent in the U.K. and nine per cent in the rest of the EU.
Among those that do believe they’ll be impacted, the results show IT professionals in the U.K. are the most concerned about potential fines if their organisation doesn’t comply. Thirty-two per cent of IT professionals in the U.K. are concerned about potential fines, compared to 29 per cent in the rest of the EU and only ten per cent in the U.S. However, only nine per cent of IT professionals in the U.S. and 36 per cent in other EU countries believe they’re informed about GDPR and its impact on businesses, compared to 43 per cent in the U.K.
‘Some organisations believe they’ll be exempt from the EU-centric regulations and potential fines, but a massive knowledge gap still exists around how GDPR will impact businesses,’ says Peter Tsai, senior technology analyst at Spiceworks.
‘Considering GDPR impacts every organisation in the world that collects data on EU residents, many IT departments might have to scramble next year to comply with the regulation if they incorrectly assume GDPR doesn’t apply to them.’
Nearly half of IT departments aren’t preparing for GDPR due to a lack of prioritisation
Organisations that plan to prepare for GDPR are taking steps to document processes to prove compliance, while other common steps include training employees, conducting data audits, changing data management policies, and working with third-party consultants.
However, 15 per cent of IT departments in the U.K., 14 per cent in the rest of the EU, and 21 per cent in the U.S. have no plans to prepare for GDPR in the next 12 months. Among those IT departments, nearly 50 per cent said they aren’t preparing because it’s not a priority at their organisation. Many IT professionals also don’t understand the requirements while others lack the time, resources, and budget necessary to prepare.
Many IT professionals support GDPR but believe it will make their jobs more difficult
Although most businesses are not currently preparing for GDPR, the results show 65 per cent of IT professionals in the U.K. and 59 per cent in the rest of the EU are in favour of the data privacy regulations contained within GDPR. By contrast, only 37 per cent of IT professionals in the U.S. are in favour of the regulations.
Despite their support, many IT professionals have concerns about the upcoming deadline in May 2018. More than one-third of IT professionals say the steps to comply are unclear while others are concerned their management doesn’t understand the impact of the regulations. Additionally, many IT professionals are worried the regulations will increase complexity in the IT market, make their jobs more difficult, and require a significant amount of user training.
‘No matter if you live in the U.S. or the EU, it’s important to at least start researching how GDPR may (or may not) apply to your organisation,’ says Brian Sandison, network and server technician based in Scotland.
‘IT departments have a duty to ensure management understands the requirements and implications of these regulations so they’re not caught off guard. Because if a company disregards the regulations and gets fined, the blame will more than likely be placed on the IT team.’
Further reading on GDPR
