Most European organisations are unlikely to be ready for GDPR, with the DACH region showing up as least prepared. A new PAC/CXP Group study finds that only 19% of European organisations are ready for the full roll-out of the General Data Protection Regulation (GDPR). The report “Moving beyond the GDPR” is based on briefings with more than 200 senior business and IT executives at medium-sized and large companies operating across manufacturing, services and the public sector in Europe.
According to the survey results, the UK is pitching itself as the most GDPR-ready European country, with 67% of UK respondents saying they will be ready by May. Surprisingly, the traditionally data-sensitive German, Austrian and Swiss region (DACH) is the least ready at 54%.
The findings show that only 5% of European organisations are making the Data Protection Officer a new hire, with 26% either relying on existing personnel or extending the responsibilities of their existing privacy officers to support GDPR. Some 28% are simply handing the responsibility to the head of IT or CIO.
A significant 85% of respondents feel GDPR compliance would improve personal data classification and protection, and 63% think it should improve detection of breaches.
Paul Fisher, research director at PAC, said: “The results for our research conducted so close to the introduction of GDPR give the best indication yet of GDPR readiness across Europe and how organisations will adapt beyond the May 25th deadline. Despite Brexit, results show UK organisations to be taking the regulation very seriously, showing their commitment to data privacy and the changing data environment.”