28% of the world’s unready for GDPR 100 days before new legislation strikes in

Preparations for GDPR are also proving costly, with businesses investing as much as $5m on compliance with Europe leading the way.

Nearly one in four organisations worldwide are still ill-prepared for the introduction of the new European Union (EU) General Data Protection Regulation (GDPR).

Coming into force on May 25, 2018, only 100 days down the line, GDPR will change the rules on own European citizens’ data is handled and stored. Failure to comply with the new legislation could lead to fines of up to €20m, or 4% annual global turnover – whichever is higher.

For data centre operators, the new regulation has proved to be a business boost as the need to store data on EU soil sparked a construction frenzy -including hyperscalers – and a ‘race to arms’ for industry partnerships.

The GDPR is also clear that as long as a business handles the data of one EU citizen in one of the 28-member states, that data has to remain in the EU, independently of where the business is headquartered.

However, and despite much hype, 28% of companies are still not ready for the regulatory change, according to a 1,000 companies survey by global DDI services provider EfficientIP and commissioned to Coleman Parkes.

According to the report, regionally, North America is the most confident region in world, with American and Canadian organisations saying they will be prepared at 84% and 75% respectively.

Despite the on-going Brexit negotiations and uncertainty looming over the enforcement and effectiveness of the EU GDPR regulation on local businesses, the UK is the most confident nation in Europe, with 74% saying they will be ready by deadline day.

In comparison, Spanish businesses are a close second to the UK at 73%, dropping to 66% of French respondents. German organisations are the least confident in Europe at 61%.

Preparations for GDPR are also proving costly, with businesses investing as much as $5m on compliance with Europe leading the way.

On average, global organisations have so far spent $1,583,000 on GDPR compliance.

Globally, European businesses have spent the most on average on compliance with Germany leading at $1,969,000, followed by the UK with $1,798,000 with France completing the top three at $1,781,000.

USA and Singapore top regional spending in North America and APAC, investing $1,568,000  and $1,521,000 respectively on average.

Small and Medium Business have spent on average $1,263,000 so far on compliance, whereas large businesses have spent up to $5m on compliance.

Herve Dhelin, SVP Strategy at EfficientIP, said: “As organisations enter the final straight of GDPR compliance with 100 days to go, our research shows they have never been so close to regulatory compliance.

“There is still some work to do, but it is encouraging to see nearly three-quarters of businesses are ready and most organisations see monitoring and analysis of DNS traffic, not firewalls nor endpoints, is the best way of preventing data breaches.”