According to a recent global survey commissioned by Dell and conducted by Dimensional Research, fewer than 1 in 3 companies are prepared for the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which will become effective on May 25, 2018. The GDPR will carry hefty fines that will be based on case-specific multi-factor analysis. Depending on the type of infringement, GDRP violators can be fined up to €10 – €20 million, or up to 2% – 4% of total worldwide annual turnover, whichever is higher.

Among key survey results are the following findings:

  • Approximately 31 percent of respondents were aware of the GDPR but knew no details and approximately 38 percent knew some details. Only 4 percent of respondents said they were very knowledgeable about the details of the GDPR.
  • More than half as many business executives compared to IT executives did not know any details about the GDPR. Most companies also expect IT to take the primary responsibility for data protection and compliance with the GDPR.
  • Only 3 percent of respondents reported having in place a clear plan to prepare for the GDPR; 27 percent were still figuring out who needs to be involved in putting such a plan together and 33 percent have not started their planning at all.
  • Only 31 percent of respondents reported that they are prepared for the GDPR today.
  • Only 9 percent of respondents were confident that their company will be fully ready for the GDPR when it comes into force in May 2018.

These results show that the majority of companies doing business in Europe still have a lot of work to do to prepare for the GDPR. To avoid the bite of the GDPR’s sharp teeth, companies hoping to achieve compliance will need to invest their time and resources into fully understanding and implementing the new requirements. They will also need to make GDPR compliance a top priority not only for their legal and IT departments, but also for their business leaders. And given the complexity of the new law and the amount of changes to organizational data processes the GDPR will require, the time to begin preparing for it is now.