GDPR fines may affect almost 80% of US firms, poll shows

Most US companies risk fines for non-compliance with new European data protection laws that apply to all organisations processing any personal data of EU citizens

Most organisations with cloud infrastructure are unprepared to comply with the EU’s General Data Protection Regulation (GDPR), a survey has revealed.

Only 22% of US organisations are concerned about the GDPR and have a plan in place, according to a poll of 323 attendees of VMWorld 2017 by cloud security firm HyTrust.

The survey included respondents from key industries, including government/military, financial/insurance, healthcare/biotech, manufacturing, transportation/shipping and technology.

More than half (51%) of respondents said their organisation is either not concerned about GDPR or is unaware of its relevance to their business.

Although more than a quarter (27%) of respondents said they are concerned about GDPR, they still have no plan in place, despite the deadline for compliance being just over six months away.

The GDPR not only applies to organisations within the EU, but also to those located outside of the EU if they process and hold the personal data of residents within the EU, regardless of the company’s location.

“If you think GDPR doesn’t apply to your organisation, think again,” said Eric Chiu, founder and president of HyTrust. “The survey results were surprising, revealing that many organisations are unprepared or have not perhaps taken the time to assess the impact GDPR requirements may place on their cloud infrastructure.

“Most organisations today are very aware of their security risks, but are not as far along with technology and processes to meet the GDPR compliance requirements, despite a 25 May 2018 deadline that brings significant fines for failure to comply.”

According to HyTrust, the survey findings are an important call to action for the vast majority of multinational companies based in the US.

Immediate steps include:

  • Identify what data they store and process for European citizens, its location and path.
  • Determine whether their organisation needs to deploy additional tools to protect private data.
  • Allocate budget and resources now to implement governance processes and controls, or pay heavily later.

Organisations that fail to comply with the GDPR could be hit with fines of up to 4% of their annual revenue or €20m. Despite this, less than 50% of all organisations affected will be fully compliant by the deadline, according to Gartner, while the Close Brothers Business Barometer shows there is still much work to be done before UK SMEs are fully prepared for the GDPR.