UK Tech Community Unhappy With GDPR Leadership
A new survey shows that seven out of ten IT decision makers feel that the UK Government’s explanation of GDPR is inadequate.
The results show that despite potentially crippling fines from the Information Commissioner’s Office (ICO), €20m or 4% of worldwide annual turnover, most organisations are still not prepared for GDPR implementation day on the 25th of May. More than half of respondents felt that the government had not done an adequate job of educating companies about the regulations.
Although the regulations were announced two years ago and have been widely publicised, many still feel they do not fully understand them. Moreover, they are intimidated by the prospect of a complex implementation process, with some ready to roll the dice and risk non-compliance. The tech community are not alone in their confusion: YouGov’s Omnibus survey revealed that 72% of British adults have not heard of GDPR.
The survey, commissioned by security firm Bitdefender, is based on the responses of 250 Chief Information Officers (CIOs), Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) in UK-based companies with more than 500 employees.
Key Survey Results
• 52% believe the press and/or information security marketing departments are guilty of over-hyping the GDPR
• 31% of CIOs and 26% of other C-level IT decision makers said they would not be able to provide a clear description of GDPR and how their company complied
• 74% of C-suite IT players believe government explanations of how to prepare have been inadequate
• 83% of CSOs, 51% of CISOs and 34% of CIOs admitted they would be tempted to risk non-compliance to offset the complex implementation process
Liviu Arsene, researcher at Bitdefender, said:
“This study brings a new perspective to GDPR compliance. As an industry, everyone in IT can agree that the GDPR represents the most significant change to data protection practices in two decades – yet despite the hype around it, it appears that not everyone is sure exactly what it is or whether their companies are ready for it.
“It’s this last point that is concerning. In less than 100 days, all companies will be held responsible for their handling of data as it relates to the protection of European citizens’ data. Companies will need to prove they are doing everything they can to protect this data, share who has control over it and even how, if at all, it is transported to other regions of the world.
“It’s not too late to act. Companies still have a small window of time to establish data ownership, identify security weak spots and shore up defences. The risks of not doing so simply do not add up in the modern enterprise, where data – and data protection – is money.”