Fewer than 1 in 3 firms prepared for May 25 GDPR deadline

May 18, 2018

The GDPR compliance deadline looms a few days away, but only 29 per cent of companies in APAC will be ready, according to a new global survey conducted by ISACA.

Conducted last month, ISACA’s GDPR Readiness Survey provides a near-real-time look at readiness levels, top compliance barriers and expected readiness timeframes.

GDPR, a regulation out of the European Union, impacts entities doing business in or with the EU starting 25 May 2018.

Not only are most organisations unprepared for the deadline, but only around half of the companies surveyed (51%) expect to be compliant by end-of-year 2018, and 40 per cent do not know when they will be fully compliant.

According to ISACA’s research, locally the top five challenges related to GDPR compliance are:

• Data discovery and mapping (55%)

• Organisational education and change programs (49%)

• Prioritising GDPR compliance among other business priorities (42%)

• Ensuring cross-departmental collaboration and buy-in (42%)

• Assessing what your organisation needs to do to become compliant (39%)

Cost was the sixth highest concern, at 33 per cent. About 20 per cent say it will cost under US$1 million to become GDPR compliant, with 14 per cent spending $1 million or more.

Two-thirds of the business technology professionals surveyed in APAC were unsure how much their organisations would be spending.

Among the survey’s most concerning findings is the level of employee education on GDPR and their role in compliance. Only 42 per cent of respondents say their organisations’ employees have been educated to a satisfactory level about their responsibilities to maintain GDPR compliance.

“Employee awareness and education are critical components of ongoing GDPR compliance,” said Chris K. Dimitriadis, Ph.D., CISM, CRISC, CISA, past board chair of ISACA and chair of ISACA’s GDPR Working Group.

“Awareness of—and commitment to—well-defined security, data management, and privacy policies and procedures clearly need to be an integral part of every organisation’s culture, from the top down.”

The good news is that the majority of executive leaders in APAC recognise the importance of GDPR and its implications. According to the ISACA data, two-thirds of respondents (66%) believe their organisation’s executives have made becoming GDPR-compliant a priority.

Organisations also expect to achieve significant benefits from GDPR compliance. The top three anticipated positive outcomes are:

• Improved business reputation (57%)

• Greater data security (56%)

• Competitive advantage in the EU (38%)

“One of the most practical and cost-effective ways organisations can support GDPR and other compliance requirements is to help employees understand the business value of the information they deal with on a regular basis,” said Tim Upton, CEO at TITUS, which sponsored ISACA’s survey and research report.

“That way, employees become more aware of their responsibilities when it comes to handling and protecting data within the flow of work, providing added value to the ways organisations earn and maintain the trust of customers and employees.”