European IT teams’ woeful lack of preparation for General Data Protection Regulation (GDPR) may mean painful compliance audits ahead

The results indicate a shocking lack of awareness and preparedness for the planned EU General Data Protection Regulation (GDPR). The regulation is due to come into effect in late 2014/early 2015 and is designed to unify and simplify data protection across 28 countries within the European Union (EU).

The GDPR includes a strict data protection compliance regime with severe penalties of up to €100m or up to five per cent of worldwide turnover for organisations in breach of its rules.

Compliance challenges ahead for those who don’t know GDPR or its timing

The Ipswitch survey revealed that more than half (56 per cent) of respondents could not accurately identify what ‘GDPR’ means. Over half of respondents (52 per cent) admitted they were not ready for GDPR, and over a third (35 per cent) confessed to not knowing whether their IT policies and processes were up to the job, while a mere 12 per cent of respondents felt ready for the change.

A further 64 per cent of respondents also conceded they had no idea when this regulation is due to come into effect. Only 14 per cent of respondents could correctly identify that the GDPR is due to come into effect in late 2014/early 2015.

Understanding and preparing for GDPR is a priority for only 13 per cent of respondents

Despite the lack of awareness of regulatory change, when asked about priorities for 2015, only 13 per cent said they planned to spend more time understanding and preparing for regulation. A quarter (26 per cent) said they wanted to spend more time reviewing and tightening security policies and a further quarter (26 per cent) said they wanted to be able to spend less time on manual reporting and auditing.

In addition to testing the readiness of IT professionals, the survey also revealed that very little thought has been given to whether an organisation’s cloud service provider (CSP) is ready for the change. Although 79 per cent of those surveyed retained the services of a CSP, only six per cent of them said that they had thought to ask them whether they were ready for the GDPR.

Overall, German IT professionals proved to have most awareness of GDPR, with almost half (49 per cent) correctly identifying that GDPR stood for the General Data Protection Regulation. Only a quarter (26 per cent) of the British surveyed knew, and just over a third (36 per cent) of the French. Likewise, respondents from Germany also felt most confident in their preparedness with almost one fifth (17 per cent) confident enough to say they felt ready for the draft Bill to be passed.

The British were highlighted as most likely to store personal sensitive data in the cloud. It was the nation most likely to be concerned about the security of nude photos stored in the cloud. Seven per cent of British IT professionals confessed to having concerns about the safety of ‘images of a personal nature’, whilst only three per cent of French and two per cent of German IT workers said they had sleepless nights over the security of naked photos in the cloud.
