The European Union (EU) General Data Protection Regulation (GDPR) enforcement deadline is May 25, yet most companies are still not prepared for the mandate, according to a survey of organizational GDPR awareness and preparedness conducted by the Cloud Security Alliance (CSA).
Key findings from the CSA "GDPR Preparation and Awareness Survey Report" included:
- 83 percent of companies do not feel very prepared for GDPR.
- 71 percent feel confident that their organization will meet GDPR compliance in time.
- 59 percent are making GDPR a high priority.
- 31 percent have well-defined plans for meeting GDPR compliance, 85 percent have some plan in place, and 73 percent have begun executing their plan.
- 27 percent have little to no familiarity with GDPR.
In addition, 89 percent of survey respondents are concerned about incurring GDPR-related fines, CSA indicated. At least 15 percent are adjusting their budgets by millions of dollars in anticipation of potential GDPR penalties, CSA said, and organizations have set aside an average of nearly $4.3 million for GDPR fines.
How Can Organizations Get Ready for GDPR?
GDPR will change how organizations across the world collect data, CSA stated. Although many companies are confident they will meet GDPR requirements by the enforcement date, some businesses still need additional guidance to ensure they avoid GDPR penalties.
Many tools and resources are available to help organizations prepare for GDPR, and these include:
- CSA Code of Conduct for GDPR Compliance: Provides MSSPs, cloud services providers (CSPs) and cloud users with insights into the fair and transparent processing of personal data and other GDPR guidelines.
- ISACA GDPR Assessment: Enables organizations to identify GDPR readiness gaps and offers tips to help organizations resolve these gaps.
- Dome9 GDPR Readiness Bundle: Uses the Dome9 Compliance Engine to help organizations determine whether their public cloud environments comply with GDPR.
MSSPs and GDPR Compliance Preparations
MSSPs also can help organizations prepare for GDPR and reduce the risk of GDPR violations.
For example, Trustwave, a Top 100 MSSP and cybercrime, data protection and security risk management firm, now offers GDPR compliance services. These services are designed to teach companies how personal data flows through and is stored in each department, what compliance risks are associated with that handling, and how GDPR principles apply to this process.