• by Jess Nelson , July 18, 2017

The majority of companies are still unprepared for the European Union Data Protection Regulation (GDPR) to go into full effect in less than a year, according to a study released Monday by Crowd Research Partners. 

Sponsored by cyber security software company STEALTHbits Technologies, the study polled 530 information security professionals on how their organizations are preparing to be compliant by May 25, 2018 -- the date GDPR becomes law.

Organizations need to have more consumer-friendly privacy terms by that time, including additional transparency and more secure data handling, or face fines of millions of dollars. Any company that sends email messages to European residents need to comply with GDPR. The penalties for nonconformance could be as high as 4% of a company’s annual revenue or €20 million, whichever is greater.

Only 32% of respondents believed they were GDPR compliant, or well on their way to compliance, according to the study. A tenth of respondents weren’t even familiar with GDPR at all.

Almost a third of companies acknowledged they would have to make substantial changes in order to be compliant with GDPR, with a lack of budget, limited understanding of the regulation, and a lack of staff highlighted as the top challenges. 

A recent study commissioned by NTT Security, the 2017 Risk: Value Report, highlights a common misconception with GDPR. Only 39% of UK decision makers believe that the GDRR applies to them, with a further 20% admitting that did not know if they needed to be GDPR compliant or not.

It’s important to note that the European Union General Data Protection Regulation applies to any company or organization that conducts business with European Union residents, and is not restricted to European companies.