A new study by Spiceworks shows that 61% of UK companies feel they are prepared for the General Data Protection Regulation, compared with 46% in the rest of Europe and 26% in the U.S.
Most firms are not concerned about potential GDPR penalties, so they haven’t put compliance on the front burner, Spiceworks says.
Only 14% of UK firms, 9% of EU organizations, and 3% of U.S. companies believe they will be fined for not complying by the May 25 deadline for GDPR.
This conflicts with a study by Enlighten, showing that 45% of UK companies expect to be fined for not being ready on time. It also found that 61% would file for an extension, if possible.
According to Spiceworks, however, UK outfits are better prepared all around. Over 60% are conducting data audits, compared with less than 50% of firms in Europe and around 33% of U.S. companies.
In addition, 59% are training employees in the UK, versus 54% in Europe and 21% in the U.S.
Finally, 30% of the IT departments at British firms are spending more than 120 hours preparing, compared to 21% in Europe and 18% in the U.S. And almost 60% of the U.S. entitles expect their IT units to spend less than 40 hours.
The reasons for missing the deadline? Lack of time and resources is cited by 60% of those that are lagging in the UK, and 64% elsewhere in Europe. But 40% of IT pros in the U.S. say that being prepared for GDPR is not a priority for their firms.
On the whole, IT pros are in favor of the GDPR, with 75% in the UK saying so, along with 70% in the rest of the EU. But 53% of the U.S. respondents have no opinion on this.
However, a recent Spiceworks poll found that 66% in the U.S. believe the country should implement regulations similar to the GDPR, in the wake of recent Congressional hearings and privacy disclosures.
"On paper, most IT pros support the principles of the GDPR and want to protect personal data, but in practice, many hurdles are keeping organizations from becoming compliant in a timely manner," said Peter Tsai, senior technology analyst at Spiceworks.
He adds: "As a result, European regulators might have their hands full, considering many organizations won't be GDPR compliant for months or years to come, and few believe they will be penalized."