A new study by Spiceworks
shows that 61% of UK companies feel they are prepared for the General Data Protection Regulation, compared with 46% in the rest of Europe and 26% in the U.S.
Most firms are not concerned
about potential GDPR penalties, so they haven’t put compliance on the front burner, Spiceworks says.
Only 14% of UK firms, 9% of EU organizations, and 3% of U.S. companies believe
they will be fined for not complying by the May 25 deadline for GDPR.
This conflicts with a study by Enlighten, showing that 45% of UK companies expect to be fined for not being ready on time.
It also found that 61% would file for an extension, if possible.
According to Spiceworks, however, UK outfits are better prepared all around. Over 60% are conducting data audits, compared with
less than 50% of firms in Europe and around 33% of U.S. companies.
In addition, 59% are training employees in the UK, versus 54% in Europe and 21% in the U.S.
Finally, 30% of the IT
departments at British firms are spending more than 120 hours preparing, compared to 21% in Europe and 18% in the U.S. And almost 60% of the U.S. entitles expect their IT units to spend less than 40
hours.
The reasons for missing the deadline? Lack of time and resources is cited by 60% of those that are lagging in the UK, and 64% elsewhere in Europe. But 40% of IT pros in the U.S. say
that being prepared for GDPR is not a priority for their firms.
On the whole, IT pros are in favor of the GDPR, with 75% in the UK saying so, along with 70% in the rest of the EU. But 53% of
the U.S. respondents have no opinion on this.
However, a recent Spiceworks poll found that 66% in the U.S. believe the country should implement regulations similar to the GDPR, in the wake of
recent Congressional hearings and privacy disclosures.
"On paper, most IT pros support the principles of the GDPR and want to protect personal data, but in practice, many hurdles are keeping
organizations from becoming compliant in a timely manner," said Peter Tsai, senior technology analyst at Spiceworks.
He adds: "As a result, European regulators might have their hands full,
considering many organizations won't be GDPR compliant for months or years to come, and few believe they will be penalized."