96% of companies still do not fully understand the European General Data Protection Regulation (GDPR), a survey has revealed.
Lack of consumer and regulatory understanding, combined with low technical and cultural preparedness, represents a major threat to revenue and brand value, according to a Symantec state of privacy report.
As a result, 91% of 900 businesses and IT decision makers polled in the UK, France and Germany have concerns about their ability to become compliant by the time the GDPR comes into force on 25 May 2018, according to Symantec’s State of Privacy Report.
The report coincides with a call by the Payment Card Industry Security Standards Council (PCI SSC) for firms to act now to avoid exponentially increased penalties under new European Union (EU) data protection regulations.
UK businesses could face up to £122 billion in penalties for data breaches when new EU legislation comes into effect, the PCI SSC has warned.
The Symantec study also revealed only 22% of businesses consider compliance a top priority in the next two years, despite only 26% of respondents believing their organisation is fully prepared for the GDPR.
Nearly a quarter of those polled said their organisation will not be compliant at all, or will be only partly compliant, by 2018.
Of this group, only a fifth believe it is even possible to become fully compliant with the GDPR, with nearly half believing that while some company departments will be able to comply, others will not.
This stark lack of confidence in meeting the May 2018 deadline leaves businesses at risk of incurring significant fines, the report said.
“These findings show businesses are not only underprepared for the GDPR, they are under preparing,” said Kevin Isaac, senior vice-president, Symantec.
“There is a significant disconnect between how important privacy and security is for consumers, and its priority for businesses. The good news is there’s still time to remedy the situation, but only if firms take immediate action,” he said.