As the deadline grows closer for complying with the General Data Protection Rule (GDPR) being put into effect May 25, 2018, by the European Union, there’s a marked difference in attitudes between IT organizations in Europe and in the U.S. concerning the need to rely on third-party expertise.
A survey of 779 IT professionals based in Europe, the U.K., and the U.S. conducted by Spiceworks, an online community of IT professionals, finds that 46 percent of the respondents based in Europe are likely to rely on third-party consultants for help with GDPR compliance. In contrast, the survey finds only 33 percent of the respondents based in the United Kingdom plan to do so, and among respondents based in the U.S. that number drops to 29 percent.
Whether those numbers increase as the deadline for compliance approaches remains to be seen. After all, potential fines of up to 20 million euro or 4 percent of total revenue have a way of focusing the attention of senior managers in any organization. But for now, the survey finds that only 43 percent of IT professionals in the U.K. and 36 percent in the rest of the EU said they’re informed about GDPR and how it affects their business. Only 9 percent of IT pros in the U.S. claim to have a similar understanding. That suggests that as the deadline approaches there’s going to be a significant rush to comply, especially among U.S. companies that aren’t fully aware that GDPR applies to any organization conducting transactions with consumers residing in the EU.
Who’s prepared for GDPR — and who’s not
In fact, the Spiceworks survey finds that only 2 percent of IT pros in the U.S., 5 percent in the U.K., and 2 percent in the rest of the EU believe their companies are fully prepared for GDPR. Surprisingly, IT professionals in the U.K. are further along than their EU colleagues. The study finds a total of 40 percent of IT pros in the U.K. have started to prepare for compliance, compared to 28 percent in the EU and only 5 percent in the U.S.
In comparison, 15 percent of U.K. respondents, 14 percent of European respondents, and 21 percent of U.S. respondents don’t have any plans in place yet. Surprisingly, 43 percent of the respondents in the U.S. said they don’t think GDPR will affect their organization. That suggests there’s a significant gap in appreciation for how simple it is for anyone in the world to procure almost anything online from anywhere.
But even when IT professionals say they are aware of GDPR, they doesn’t necessarily appreciate the complexity of the challenge. GDPR will ultimately change the way data is managed across the entire organization. Savvy managed service providers should be crafting a rich portfolio of data management services. In the meantime, MSPs should be able to count on the IT vendor community to help raise awareness. A steady drumbeat of news and associated marketing campaigns should help make GDPR a much more pressing issue for IT leaders by the end of summer. As that education process continues, MSPs should expect to see a corresponding uptick in the number of organizations looking for some much-need external GDPR expertise as well.