GDPR is at the forefront of our conversations with clients, as more and more IT leaders in the U.S. recognize how GDPR rules will affect them.
Last week ComputerWeekly.com posted a story noting that “most U.S. companies risk fines for non-compliance with new European data protection laws that apply to all organisations processing any personal data of EU citizens.” However, according to a recent poll by cloud security firm HyTrust, as reported in the same story, only 22 percent of U.S. organizations are concerned about the GDPR and have a plan in place.
The HyTrust survey found that more than half of the respondents, who come from various industries including government, finance and healthcare, said their organizations were either not concerned about GDPR or were unaware of its relevance to their business.
More than a quarter of the respondents said they are concerned about GDPR, but they still don’t have a plan in place.
Not surprisingly, then, a survey from Gartner predicts that by the end of 2018, more than 50% of companies affected by GDPR will not be in full compliance with its requirements. And lack of compliance could lead to hefty fines.
For help getting started with your company’s GDPR readiness, contact us for a document showing how GDPR requirements map onto the more familiar NIST Cybersecurity Framework.
Among resources posted around the web, take a look at IT security firm CyberArk’s useful series of checklists for companies to use to assess readiness for the upcoming changes. The lists are broken down into four fundamental sections companies should focus on when it comes to securing and protecting personal data:
- Protecting access
- Responding rapidly to a breach
- Assessing risk to personal data
- Demonstrating compliance
With just over six months before the changes take place, now is the time to turn awareness into action.
See our past posts on GDPR: We started with what GDPR is and why it’s important, and we followed up by outlining the consequences of not being compliant. We’ve also shared changes to expect under GDPR and highlighted how GDPR is designed to protect data subjects.