Symantec has revealed that the majority of businesses are underprepared for the EU's General Data Protection Regulation (GDPR) coming into effect in 2018, leaving them open to hefty fines should their practices not adhere to the stricter rules.
The security firm's research revealed that 90% of businesses think it will be hard for them to delete customer data of they receive a request and only 40% of companies have a system in place that allows them to do so.
More concerning is that 35% of business and IT decision makers don't think their company takes an ethical approach to securing and protecting customer data.
"These findings show businesses are not only underprepared for the GDPR they are underpreparing," said Kevin Isaac, senior vice president of Symantec. "There is a significant disconnect between how important privacy and security is for consumers, and its priority for businesses. The good news is there's still time to remedy the situation if firms take immediate action."
The biggest challenge businesses face is not having the knowledge in-house to be able to deal with the changes. A total 96% of companies don't understand the GDPR, while 91% don't think they will be able to meet the demands of it.
"Whether companies will successfully navigate the GDPR regulation hinges on their willingness to embrace privacy by design," Peter Gooch, cyber risk partner at Deloitte, said. "They must also understand that good security and privacy processes can provide a substantial competitive advantage and be a driver in gaining consumer trust, in addition to being driven by regulatory requirements."
In fact, only 22% have made complying with the European security demands a priority over the next two years, meaning it's likely to be put on the backburner for a lot of companies.
"Businesses should recognise that privacy, security and compliance with GDPR are extremely important brand differentiators," said Isaac. "Businesses' response to the GDPR should become a core element of organisational design and culture. Adopting a fragmented, piecemeal approach as part of a tick box exercise will create more problems than it solves."
Symantec's report revealed that consumers have a very different approach to GDPR, finding that 88% of European consumers think data security is the most important factor when choosing a company and 86% think the protection of their data is more important than the product quality.
While the GDPR may no longer apply to the UK directly following Brexit, the UK is likely to devise its own, similar, rules in order to continue trade with the EU.
