Only 5% of EU companies ready for GDPR compliance – Alert Logic


A survey from Alert Logic has suggested that while most of the surveyed companies (77%) are familiar with the EU General Data Protection Regulation (GDPR), only 5% believe they are compliant with all applicable requirements less than a year before the regulation goes into effect. A further 27% were not confident they will be ready by the time GDPR is enforceable in May 2018.

The European Union General Data Protection Regulation (EU GDPR) goes into effect on May 25, 2018 representing a sweeping change in data privacy regulations.

EU GDPR requires organisations that host data on European citizens to adhere to specific regulations that protect their personal data from being compromised. If companies suffer a data breach, they can be fined up to €20 million or 4% of turnover, whichever is greater.

>See also: GDPR compliance: what organisations need to know

Survey respondents were asked what challenges their company faces in becoming compliant with EU GDPR regulations. The most frequently mentioned challenge is a lack of budget (50%), closely followed by a lack of in-house IT expertise (48%) and limited understanding of the regulations (37%).

“Among the many articles of GDPR, EU companies are most concerned about Article 25, ‘Data protection by design and by default,’ likely because it requires significant system re-design and investment in data protection controls and processes,” commented Oliver Pinson-Roxburgh, EMEA Director at Alert Logic.

While the majority of those surveyed (61%) stated they have a formal process in place to notify authorities in the event of a data breach, only 39% confirmed that they always follow this process.

In terms of the enforcement of GDPR, the survey also revealed that approximately one third of EU-based companies (32%) expect substantial changes to their companies’ security practices and technologies in order to become compliant with EU GDPR policies.

>See also: Only 43% of organisations are preparing for GDPR

Moreover, a further third of organisations expect that regulators will issue a significant number of fines to companies found to be non-compliant; however, 42% expect that only a few organisations will be fined for non-compliance.

“Complying with GDPR is not straightforward. It will require detailed planning and collaboration with all the businesses in your chain, as well as an efficient, solutions-based approach to breach detection,” said Pinson-Roxburgh.

“Security-as-a-Service providers can speed detection and response by drawing from huge pools of data and dedicating threat detection and analyst teams to assess potential incidents and recommend remediation.”

>See also: Practical steps to deal with the GDPR

24×7 security monitoring coupled with market-leading security technology and innovation enables companies to detect more complex attacks, reducing the chances of a cyber criminal hacking a business’ IT infrastructure. Additionally, the ability to gain immediate knowledge of attacks during a breach can assist in an incident response plan and provide evidence to support audit and compliance.

“The age of hoping that breaches don’t happen is beyond us; the intent of these regulations and standards are to help companies improve security, reduce the time to detection and be proactive in identifying as well as protecting their sensitive data,” Pinson-Roxburgh concluded.


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Data Breach