• by Ray Schultz , June 27, 2017

Email marketers have been told many that they must comply with the General Data Protection Regulation (GDPR) if they’re doing business in Europe. But they’re not listening, according to a new survey from Experian and the Ponemon Institute.

Of 558 IT security and compliance professionals polled globally, only 24% say their firms have a high degree of readiness to adhere to the GDPR, and 59% feel their companies do not understand what they need to do to comply.  

Worse, they are ambivalent about the GDPR itself. When asked about the effect of global regulations, 73% said that notifying data breach victims on a global scale, a tough new requirement in the GDRP, is “very difficult to perform.”

In addition, 69% believe that failure to comply with regulations would have an impact on their global business. And 50% would consider closing their overseas operations when faced with overly strict regulations.

At the same time, only 30% say their C-Suite is fully aware of the state of compliance, the report continues. And 38% agree that “senior leadership views compliance with global privacy and data protections regulations as a top priority,” it adds.

That said, 89% believe GDPR will have a significant impact on their data protection practices. But only 41% of respondents believe the regulations will strengthen their privacy practices.

Finally, 70% “do not believe or are unsure whether the more stringent notification requirements in the GDPR will benefit the victims of a data breach,” the study reports.  

The GDPR takes effect in May 2018.

Nor are all companies prepared to deal with cyber threats. Only 38% have one or more incident plans in place throughout the globe, and 27% have regional plans. But 32% have no plans, and 3% aren’t sure. Moreover, 49% have outdated and inadequate security measures and policies.

Half have suffered a global data breach in the past five years. North America had the most incidents, followed by Europe and Asia Pacific.

Europe is the most ready, with 67% saying their level of preparedness is high. North America was second, with 54% expressing confidence. Asia-Pacific was third, with 44% saying they are prepared.  

As to the causes of the data breaches, 52% blamed it on a

negligent insider, 39% on cyber attack and 35% on a systems glitch. In addition, 25% said they lost data in a physical delivery. And 21% said the breach occurred when they outsourced data to a third party 

Even more discouraging is the fact that 45% learned of the breach from a customer complaint. And 36% said they found out about the breach by accident.

But the companies are worried about the problem. Above all, they fear losing large volumes of data (65%) and high-value information. In addition, 42% are concerned about ransomware, and 30% the Internet of Things.

But they’re trying to get ready. Of those surveyed, 70% are conducting assessments of their ability to comply and 57% are investing in new technologies such as analytics, consent management and encryption. In addition, 55% are appointing data protection officer under the GDPR