With exactly one year to go until the GDPR compliance deadline, UK firms are the most pessimistic about its impact on the business, according to a new global study from Varonis Systems.
The cybersecurity vendor polled 500 IT decision makers in the UK, US, France and Germany to better understand their attitudes to the sweeping new privacy law set to land on 25 May 2018.
Over half (56%) of UK respondents said they thought the GDPR would force their firm to increase prices for their customers and add more complexity for IT teams.
In addition, nearly a quarter (22%) said they see no benefit to their business from the tighter data protection requirements it stipulates, while just a third (37%) said they thought it would actually reduce breaches.
In the US, the latter figure was 53%.
UK firms might be under extra pressure to meet the May 2018 compliance deadline, as just 15% of British respondents said they have separate budgets to meet the regulations, far less than in the US where 52% have separate budgets.
Globally, three-quarters of firms said they’d struggle to meet the deadline, while a worrying 42% claimed it’s not a priority for their business, despite huge potential fines in the offing for non-compliance.
Varonis director of sales engineers, Matt Lock, argued that there’s still time but organizations need to start their efforts now.
“The initial tasks of identifying PII information can take time but once this task is complete decisions can then be made about what data is needed and what can be disposed of,” he told Infosecurity Magazine.
“Organizations must delete what's not required as they have vast amounts of data and much of it is stale. A lot of time and effort that is spent governing this information is time wasted so they must remember that if data is not held it can't be stolen.”
Lock also urged organizations to get business data owners involved as early on as possible in the process.
“They have the insight into the data's value to the company. This understanding will not only help improve the accuracy but will inevitably speed up the whole task ahead,” he argued.
“The data guardians will reduce the time it takes to get control of both the data and the access, which are two key principles of GDPR.”