It may be a little late to start worrying about the General Data Protection Regulation: As IBM notes in a new study, it’s like cramming for a test in school. But companies have to make the effort because both regulators and the public expect it.
That doesn’t mean they are ready.
On the downside, IBM found in a study that only 36% expect to be fully compliant before May 25. But 46% have begun their efforts, and a mere 18% have done nothing.
Their main focus is performing data discovery and ensuring data accuracy — 60% are ready. Then there is implementing data subject rights and controls, for which 58% are prepared.
Next are getting consent from data subjects (48% are on top of it) and handling cross-border data transfers (47%). Those are the activities with the lowest levels of preparedness.
But they have issues — 44% fear that GDPR could be modified in the future, and 43% are concerned about the cost of GDPR compliance (as opposed to the cost of non-compliance).
On the upside, 59% feel GDPR could spark new data-led business models. And 96% of the GDPR ‘leaders” (representing 22% of the sample) feel that proof of compliance will be a differentiator with the public.
These leaders, referred to as the “Sparked” by IBM, also view GDPR as a chance to improve their security processes and business functions.
The sluggards, identified as the “Squeezed,” are less committed and may not realize their full potential.
Of the Sparked companies, 89% are highly committed to providing the necessary resources to comply — three times more than the Squeezed.
And the opportunities? OF the Sparked, 93% feel they will now be able to provide more personalized experiences for their customers, vs. 74% of the Squeezed. And 91% think they will develop more trusted relationships with customers, compared with 72% of the Squeezed.
Meanwhile, Mailjet found in a global survey of over 4,000 small businesses that 67% aren’t protecting their data by encrypting it. The U.S. leads, with 53% encrypting data, and 47% maintaining a warning system in place. In contrast, only 21% of European start-ups encrypt, and 28% have an alert system. The UK leads in Europe, with 33% encrypting data and 44% with a warning system.
It remains to be seen if unprepared firms will face legal action. They may not — GDPR could turn out to be one of the biggest boondoggles of all time. That said, it's never too late to get ready.
The IBM Institute for Business Value and Oxford Economics surveyed 1,500 GDPR leaders in 34 countries.