More than two thirds (68%) of IT professionals say keeping up to date with changing data protection regulatory requirements is a financial burden on their business, new research has revealed.

British businesses feel most strongly about this (77%), compared with 66% in France and 61% in Germany.

This is according to the results of a study released today by Ipswitch, which surveyed European businesses on how they are preparing for the EU’s new data protection regulation, the General Data Protection Regulation (GDPR).

The GDPR draft has been passed by EU Parliament and is due to become law by the end of this year. It is expected to impact any organisation that collects, stores, processes and shares personal data on employees, customers or partners.

>See also: New EU data law’s go-live date finally revealed – and why its costs will run into the billions

The regulation is designed to unify and simplify data protection across 28 EU countries and includes severe penalties for non-compliance of up to €100 million or 2% of a company’s annual global turnover.

More than two thirds (69%) of those surveyed said they will need to invest in new technologies and services to help them prepare for the impact of GDPR.

Specifically, 62% think they will need to invest in encryption technologies, 61% in analytic and reporting technologies, 53% in perimeter security technologies, and 42% in file sharing technologies.

More than half (51%) reported that their business has already allocated training budget to help staff understand and comply with GDPR. However, just under a third (30%) have not. 

Almost one fifth (19%) have no idea whether training budget has been allocated.  Businesses in France reported the most instances of training budget having been allocated (56%), compared to 49% in Germany and 48% in the UK.

Half of the IT professionals quizzed said they have allocated internal training resource to help staff understand and comply with the new regulation. However, almost one third, (32%) said they had no internal resource allocated for this yet.

The UK appears to be the least prepared here, with 40% having made no provision – compared to 33% of German and 24% of French counterparts.

Awareness of GDPR and data use

Whilst over two thirds (69%) of respondents acknowledged that GDPR will impact their business, almost one fifth (18%) still had no idea whether changes in the regulation will apply to them. This is despite confirming that they do store and process personal data.

These numbers are, however, an improvement on awareness of the regulation at this time last year, when a compliance survey conducted by Ipswitch revealed that more than half (56%) of respondents could not accurately identify what ‘GDPR’ meant.

Overall, 90% of those surveyed said that their businesses store personal data, 86% process personal data and over a third (40%) share data externally. 

>See also: Five things you need to know about the proposed EU General Data Protection Regulation

Almost two thirds (62%) of those that share personal data said they use email to do so, while a quarter reported using portable storage such as USBs or CDs, 22% the postal system, and 43% cloud-based file sharing websites.

 “It’s encouraging to see that there is far greater awareness of the changes than at this time last year,” said David Juitt, chief security architect at Ipswitch. “Just over half of businesses are starting to prepare with training courses for staff.

“However, whilst IT professionals recognise the need to align data protection regulation to keep up with modern data sharing practices and the globalisation of data, it is clear that compliance comes at a price for most.”