Frightening lack of awareness of the European Commission's draft bill that unifies and simplifies data protection across 28 countries within the EU
LEXINGTON, Mass. – November 12, 2014 – Ipswitch™ announced the results of a European online survey* to test the attitudes of IT professionals towards regulation and compliance issues for 2015.
The results indicate a shocking lack of awareness and preparedness for the planned EU General Data Protection Regulation (GDPR). The regulation is due to come into effect in late 2014/early 2015 and is designed to unify and simplify data protection across 28 countries within the European Union (EU. The GDPR includes a strict data protection compliance regime with severe penalties of up to 100M EUR or up to five percent of worldwide turnover for organisations in breach of its rules.
Compliance Challenges Ahead for Those Who Don't Know GDPR or its Timing
The Ipswitch survey revealed that more than half (56 percent) of respondents could not accurately identify what 'GDPR' means. Over half of respondents (52%) admitted they were not ready for GDPR, and over a third (35%) confessed to not knowing whether their IT policies and process were up to the job. while only a mere 12 percent of respondents felt ready for the change.
A further 64 percent of respondents also conceded they had no idea when this regulation is due to come into effect. Only 14 percent of respondents could correctly identify that the GDPR is due to come into effect in late 2014/early 2015.
Understanding and Preparing for GDPR is a Priority for Only Thirteen Percent of Respondents
Despite the lack of awareness of regulatory change, when asked about priorities for 2015, only 13 percent said they planned to spend more time understanding and preparing for regulation. A quarter (26%) said they wanted to spend more time reviewing and tightening security policies and a further quarter (26%) said they wanted to be able to spend less time on manual reporting and auditing.
In addition to testing the readiness of IT professionals, the survey also revealed that very little thought has been given to whether an organisation's Cloud Service Provider (CSP) is ready for the change. Although 79 percent of those surveyed retained the services of a CSP, only six percent of them said that they had thought to ask them whether they were ready for the GDPR.
Overall, German IT professionals proved to have most awareness of GDPR, with almost half (49%) correctly identifying that GDPR stood for the General Data Protection Regulation. Only a quarter (26%) of the British surveyed knew, and just over a third (36%) of the French. Likewise, respondents from Germany also felt most confident in their preparedness with almost one fifth (17%) confident enough to say they felt ready for the draft Bill to be passed.
The British were highlighted as most likely to store personal sensitive data in the cloud. They were the nation most likely to be concerned about the security of nude photos stored in the cloud. Seven percent of British IT professionals confessed to having concerns about the safety of 'images of a personal nature', whilst only three percent of French and two percent of German IT workers said they had sleepless nights over the security of naked photos in the cloud.
Key Survey Findings from the UK
- Insights into GDPR awareness
- 63 percent admitted to having no idea what 'GDPR' stood for, in fact, eight percent of respondents thought it stood for General Device Protection Rules
- 73 percent said they didn't know when the GDPR was due to come into effect
- Only 12 percent of respondents felt ready for the GDPR
- 75 percent of IT professionals retained the services of a CSP
- Only five percent of IT professionals have asked their Cloud Service Provider if they are prepared for GDPR
- In 2015…
- 42 percent of IT professionals want to spend more time planning and less time troubleshooting
- 29 percent want to spend more time reviewing and tightening security policies
- 22 percent want to spend less time on manual reporting and auditing
- 13 percent want to spend more time understanding and preparing for regulation and compliance
- Seven percent want to spend less time worrying about the security of their personal nude photos stored in the cloud
Alessandro Porro, Vice President of International Sales at Ipswitch, commented, "GDPR includes an obligation to protect personal data across the borderless enterprise. IT Professionals should review and bolster their data processing policies and practices now, before the regulation comes into effect."
The Ipswitch MOVEit™ managed file transfer system helps IT teams support GDPR requirements in the following ways:
Protecting Personally Identifiable Information (PII)
- Support for secure open standard transfer protocols
- End-to-end encryption, guaranteed delivery and non-repudiation
- Automated file management policies
- Automated file exchange
- Managed ad hoc exchange
- Policy based file access and data loss protection (DLP)
Managing System Exposure
- High availability and disaster recovery
- Monitoring and reporting for auditing and forensics
- Trading partner provisioning and management
* Ipswitch online survey of 316 IT Professionals was conducted in October 2014 and included 104 responses from the UK, 101 responses from France, and 111 responses from Germany.
Ipswitch helps solve complex IT problems with simple solutions. The company's software is trusted by millions of people worldwide to monitor networks, applications and servers, and transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America. For more information, visit www.ipswitch.com.