Less than half of UK’s businesses have the means to pay fines caused by not complying with the GDPR, a new report by Proofpoint claims. To make matters worse, more than half (54 per cent) actually expect to be breached within 12 months. More than three quarters of UK businesses, however, believe they will be ready for GDPR when it kicks in – in May 2018.
"It's clear that when it comes to GDPR readiness, there is a disconnect. While the majority of UK businesses are bullish about their ability to meet the compliance deadline, our research shows that for many, the basic requirements are not met," says Adenike Cosgrove, EMEA Cybersecurity Strategist, Proofpoint. "With data breaches becoming the new normal and the deadline to comply now less than six months away, the time is now to identify and protect all personal EU data. Failure to do so could lead to financially-significant fines, broken customer trust and in turn, potentially crippling disruption to the business."
The report also looks at trends around data breaches and claims they’re on the rise. This has prompted businesses to invest even more in IT security to try and protect themselves. Most buy cybersecurity solutions, some pair it with cyber insurance, as well.
Businesses also have different approaches when it comes to ensuring compliance with the upcoming regulation. More than half have organised awareness programs, and some have added encryptions and advanced security solutions.
Still, half know what data on EU users their organisations hold.
"Despite having two years to comply, UK businesses are still at a critical risk of exposing data and facing potentially colossal fines as a result," concludes Cosgrove. "Over the next six months, organisations must invest in solutions that will enable them to have clearer visibility over EU personal data, solutions that prevent breaches of identified data, as well as implement solutions that enable them to monitor, detect, and respond to any regulatory violations."
Image source: Shutterstock/Wright Studio