NetApp’s global research has found that IT decision makers across the USA, UK, France and Germany believe GDPR will benefit their business when it comes to giving them the competitive edge. But while almost half (44%) believe GDPR will improve their position amongst all competitors, business readiness for the regulation is at odds with its perceived value, with almost two-thirds (61%) saying they’re not ready to cater to the required anonymisation of personal data, for example. Despite this, the findings demonstrate that a high level of preparation has taken place in the last two years.
· 44% believe GDPR will give their business a competitive advantage
· 63% say their data infrastructure is ready for the GDPR’s personal data encryption requirements, but 61% are not yet ready for the anonymisation of personal data
· In the last two years, 47% of businesses have received and implemented data strategies based on external recommendations
Global businesses expect boost from GDPR – but not all are on board
Globally, hopes are high for enhanced competitiveness thanks to the GDPR which comes into effect on May 25th, 2018. However, the regional outlook is more polarised with the US showing the most optimism and UK respondents exercising more of a cautionary outlook:
· Almost two-thirds (65%) of US respondents say GDPR would improve their position against all competitors – France and Germany were also optimistic with 42% and 36% agreeing.
· However, the UK figures highlight a more pessimistic outlook with 30% saying it would improve their position.
· Globally, the average percentage of respondents who believe GDPR will give them no competitive advantage is 6%, but notably the number of UK businesses that believe there is no competitive advantage to be gained is more than double this (13%).
GDPR requirements under review – anonymisation, breach notification and encryption
GDPR compliance is based on a complex set of requirements, which will affect businesses differently. The survey findings show that two of the more commonly cited elements – anonymisation and the ability to notify authorities of a data breach within 72 hours – are also currently the least catered to by businesses, while readiness for the encryption element is better catered for:
· Over half (58%) of German businesses are not ready to cater to the requirement for the anonymisation of personal data. Meanwhile, 61% of US, 66% of UK and 69% of French businesses do not yet have the infrastructure for anonymisation.
· Similarly, almost two-thirds (65%) of German businesses are not ready to meet the 72 hour breach notification requirement. European readiness plateaus around this mark, with 60% of French, 55% of US and 54% of UK businesses also not yet ready to cater to breach notification turn-arounds.
· However, businesses fair better when it comes to encryption of personal data. Over two-thirds (69%) of UK businesses are prepped for encryption and similarly, 64% of US, 63% of French and 57% of German businesses are ready.
Enterprise divided on best approach to GDPR compliance
Businesses have taken proactive steps in the last two years in preparation for GDPR, with external consultancy and internal reviews providing the core stepping stones towards compliancy. The survey results highlight the regional differences in proactivity – with the US trailblazing when it comes to seeking external consultancy with GDPR experts and UK businesses favouring an internal approach:
· US businesses proved to be the most proactive, with 63% seeking external consultancy from GDPR experts – similarly (48%) of French businesses also took this approach. Meanwhile, 39.7 % of German businesses and 34% of UK businesses went with the external approach.
· UK businesses were more likely to take an internal approach, with a review of how they handle data as a business influencing their GDPR strategy (44%).
· Meanwhile, 48% of US, 45% of French and 38% of German businesses prioritised the internal review approach.
Alexander Wallner, Senior Vice President & General Manager EMEA, NetApp: “It is fantastic to see how optimism around the benefits of GDPR transcend geographical borders. Indeed, according to NetApp’s research, businesses have been busy in the last two years, paving the road to compliance. Their attitudes are also changing: enterprises have understood that they have much to gain from a thorough spring clean of data management practices. And with the benefits of an enhanced competitive edge after the deadline, this is a ‘win win’ situation for businesses and consumers alike – for many years to come.”