Nearly a third of organisations in Europe are still not prepared for the European Union’s General Data Protection Regulation (GDPR), despite the regulation coming into force three months ago.

This is according to cybersecurity company Imperva, which conducted the survey on personal data rights and GDPR compliance at the Infosecurity Europe trade show.

Furthermore, the survey revealed that 16% of organisations did not feel confident that they would pass their first GDPR audit, with fewer than half of respondents very confident they would pass the audit.

GDPR compliance: The risks of not meeting law’s requirements

By not complying, companies could be putting themselves at risk of receiving financial penalties, with possible fines of up to €20m, or 4% of annual global turnover, depending on the nature of the breach and the size of the organisation.

CTO of Imperva Terry Ray is not surprised by the results:

“The deadline has now come and gone, yet the study shows that many organisations aren’t sure they have achieved GDPR compliance. Any company that put GDPR off until the last minute now realises compliance cannot be achieved overnight. It does not surprise me that many organisations feel unsure about the idea of a GDPR audit. The truth is many would fail.”

The survey also asked if respondents knew where users’ personal data was stored on their systems, and although more than a third said that they did, more than half said they would need an extra three months to get their data storage in order.

Group CISO at security services company Falanx Group Tony Richards said:

“The results don’t surprise me as an indication of the state nationally. Organisations do seem fairly polarised on GDPR, with many businesses, especially SMEs, either ignoring it, or buying some basic policy packages peddled by ‘GDPR Experts’ and thinking that they are covered. On the other hand, you have organisations who are either using qualified consultants or investing internally to ensure that they are compliant. I think it boils down to whether the organisation, culturally, is customer centric and therefore they see value in protecting their customers’ privacy, or if they see it as a compliance issue with the bare minimum to be done, if at all.”