Email marketers have been told many times that they must comply with the General Data Protection Regulation (GDPR) if they’re doing business in Europe. But they’re not listening, according to a new survey from Experian and the Ponemon Institute.
Of 558 IT security and compliance professionals polled globally, only 24% say their firms have a high degree of readiness to adhere to the GDPR, and 59% feel their companies do not understand what they need to do to comply.
Worse, they are ambivalent about the GDPR itself. When asked about the effect of global regulations, 73% said that notifying data breach victims on a global scale, a tough new requirement in the GDPR, is “very difficult to perform.”
In addition, 69% believe that failure to comply with regulations would have an impact on their global business. And 50% would consider closing their overseas operations when faced with overly strict regulations.
At the same time, only 30% say their C-Suite is fully aware of the state of compliance, the report continues. And 38% agree that “senior leadership views compliance with global privacy and data protections regulations as a top priority,” it adds.
That said, 89% believe GDPR will have a significant impact on their data protection practices. But only 41% of respondents believe the regulations will strengthen their privacy practices.
Finally, 70% “do not believe or are unsure whether the more stringent notification requirements in the GDPR will benefit the victims of a data breach,” the study reports.
The GDPR takes effect in May 2018.
Nor are all companies prepared to deal with cyber threats. Only 38% have one or more incident plans in place throughout the globe, and 27% have regional plans. But 32% have no plans, and 3% aren’t sure. Moreover, 49% have outdated and inadequate security measures and policies.
Half have suffered a global data breach in the past five years. North America had the most incidents, followed by Europe and Asia Pacific.
Europe is the most ready, with 67% saying their level of preparedness is high. North America was second, with 54% expressing confidence. Asia-Pacific was third, with 44% saying they are prepared.
As to the causes of the data breaches, 52% blamed it on a negligent insider, 39% on a cyber attack and 35% on a systems glitch. In addition, 25% said they lost data in a physical delivery. And 21% said the breach occurred when they outsourced data to a third party.
Even more discouraging is the fact that 45% learned of the breach from a customer complaint. And 36% said they found out about the breach by accident.
But the companies are worried about the problem. Above all, they fear losing large volumes of data (65%) and high-value information. In addition, 42% are concerned about ransomware, and 30% the Internet of Things.
But they’re trying to get ready. Of those surveyed, 70% are conducting assessments of their ability to comply and 57% are investing in new technologies such as analytics, consent management and encryption. In addition, 55% are appointing a data protection officer under the GDPR.