Who is more prepared for GDPR? The UK, Europe or the US?


GDPR preparation should be dominating boardroom and IT discussions as the May 2018 deadline approaches.

But how exactly are IT departments preparing for the General Data Protection Regulation (GDPR)? Research from Spiceworks seeks to answer this, and it found that IT professionals in the UK are more prepared and informed about GDPR than the rest of the EU and the US.

IT departments in the UK are also more supportive of GDPR, despite being the most concerned about potential fines.

The results showed 40% of organisations in the UK have started to prepare for GDPR, compared to only 28% in rest of the EU and 5% in the U.S. Additionally, only 5% of IT professionals in the UK, 2% in rest of the EU and 2% in the US believe their company is fully prepared for GDPR. 43% of IT professionals in the US don’t believe GDPR will impact their organisation at all, compared to only 3% in the UK and 9% in the rest of the EU.

>See also: GDPR compliance: what organisations need to know

Among those that do believe they’ll be impacted, the results showed IT professionals in the UK are the most concerned about potential GDPR fines if their organisation doesn’t comply.

32% of IT professionals in the UK are concerned about potential fines, compared to 29% in the rest of the EU and only 10% in the US. However, only 9% of IT professionals in the US and 36% in other EU countries believe they’re informed about GDPR and its impact on businesses, compared to 43% in the UK. Whether informed or not, however, it remains to be seen whether this will actually aid UK firms in implementing an effective GDPR strategy. But it can’t hurt.

“Some organisations believe they’ll be exempt from the EU-centric regulations and potential fines, but a massive knowledge gap still exists around how GDPR will impact businesses,” said Peter Tsai, senior technology analyst at Spiceworks.

“Considering GDPR impacts every organisation in the world that collects data on EU residents, many IT departments might have to scramble next year to comply with the regulation if they incorrectly assume GDPR doesn’t apply to them.”

Nearly half of IT departments aren’t preparing for GDPR due to a lack of prioritisation

Organisations that plan to prepare for GDPR are taking steps to document processes to prove compliance, while other common steps include training employees, conducting data audits, changing data management policies, and working with third-party consultants.

>See also: GDPR: the good, the not so bad and the opportunities

However, 15% of IT departments in the UK, 14% in the rest of the EU, and 21% in the US have no plans to prepare for GDPR in the next 12 months. Among those IT departments, nearly 50% said they aren’t preparing because it’s not a priority at their organisation. Many IT professionals also don’t understand the requirements while others lack the time, resources, and budget necessary to prepare.

Many IT professionals support GDPR but believe it will make their jobs more difficult

Although most businesses are not currently preparing for GDPR, the results show 65% of IT professionals in the UK and 59% in the rest of the EU are in favour of the data privacy regulations contained within GDPR. By contrast, only 37% of IT professionals in the US are in favour of the regulations.

Despite their support for GDPR, many IT professionals have concerns about the upcoming deadline in May 2018. More than one-third of IT professionals said the steps to comply are unclear while others are concerned their management doesn’t understand the impact of the regulations.

Additionally, many IT professionals are worried GDPR will increase complexity in the IT market, make their jobs more difficult, and require a significant amount of user training.

>See also: GDPR: What do you need to know?

“No matter if you live in the US or the EU, it’s important to at least start researching how GDPR may (or may not) apply to your organisation,” said Brian Sandison, network and server technician based in Scotland.

“IT departments have a duty to ensure management understands the requirements and implications of these regulations so they’re not caught off guard. Because if a company disregards the regulations and gets fined, the blame will more than likely be placed on the IT team.”


The UK’s largest conference for tech leadership, TechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...