momius - stock.adobe.com

GDPR fines may affect almost 80% of US firms, poll shows

Most US companies risk fines for non-compliance with new European data protection laws that apply to all organisations processing any personal data of EU citizens

 Most organisations with cloud infrastructure are unprepared to comply with the EU’s General Data Protection Regulation (GDPR), a survey has revealed.

Only 22% of US organisations are concerned about the GDPR and have a plan in place, according to a poll of 323 attendees of VMWorld 2017 by cloud security firm HyTrust.

The survey included respondents from key industries, including government/military, financial/insurance, healthcare/biotech, manufacturing, transportation/shipping and technology.

More than half (51%) of respondents said their organisation is either not concerned about GDPR or is unaware of its relevance to their business.

Although more than a quarter (27%) of respondents said they are concerned about GDPR, they still have no plan in place, despite the deadline for compliance being just over six months away.

The GDPR not only applies to organisations within the EU, but also to those located outside of the EU if they process and hold the personal data of residents within the EU, regardless of the company’s location.

“If you think GDPR doesn’t apply to your organisation, think again,” said Eric Chiu, founder and president of HyTrust. “The survey results were surprising, revealing that many organisations are unprepared or have not perhaps taken the time to assess the impact GDPR requirements may place on their cloud infrastructure.

Read more about General Data Protection Regulation compliance

“Most organisations today are very aware of their security risks, but are not as far along with technology and processes to meet the GDPR compliance requirements, despite a 25 May 2018 deadline that brings significant fines for failure to comply.”

According to HyTrust, the survey findings are an important call to action for the vast majority of multinational companies based in the US.

Immediate steps include:

  • Identify what data they store and process for European citizens, its location and path.
  • Determine whether their organisation needs to deploy additional tools to protect private data.
  • Allocate budget and resources now to implement governance processes and control – or pay heavily later.

Organisations that fail to comply with the GDPR could be hit with fines of up to 4% of their annual revenue or €20m. Despite this, less than 50% of all organisations affected will be fully compliant by the deadline, according to Gartner, while the Close Brothers Business Barometer shows there is still much work to be done before UK SMEs are fully prepared for the GDPR.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close