gdpr: perceptions and readiness - eurocloud france · regulation (gdpr) among individuals...
TRANSCRIPT
1 Sponsored by:
GDPR: Perceptions and ReadinessA Global Survey of Data Privacy Professionals
at companies with European Customers
September 2016
Sponsored by:
2 Sponsored by:2
Research Goal The primary research goal was to understand
perceptions of the General Data Protection
Regulation (GDPR) among individuals responsible for
data privacy at companies with European customers.
Goals and Methodology
Methodology An online survey was fielded to independent sources
of IT and business professionals responsible for data
privacy. Questions were asked about awareness of
GDPR and expected impacts. Dell was not revealed
as the survey sponsor. The survey was field in
English, German, and Dutch.
Participants A total of 821 qualified individuals completed the
survey. All had responsibility for data privacy as a
significant part of their job responsibilities. All worked
at companies with more than 10% of customer
base in Europe.
3 Sponsored by:3
Introduction to GDPR
Description Provided The General Data Protection Regulation
(GDPR) was recently adopted by the
European Union to strengthen and unify
data protection for individuals within the
European Union.
To ensure that feedback was based on existing
knowledge of GDPR, this simple introduction was provided
to participants before continuing into the survey questions. No other
information about GDPR was provided to participants.
4 Sponsored by:
PARTICIPANT DEMOGRAPHICS
5 Sponsored by:5
Participants Represented
CIO, VP or other IT executive
28%
IT team manager 38%
Frontline IT professional
28%
Business executive (<100 employees)
6%
Role
More than 10% of our customers
are in Europe 53%
More than half of our customers are in
Europe 16%
Most of our customers are in
Europe 16%
All of our customers are in Europe
15%
European Footprint
Less than 100 employees
18%
100 - 1,000 employees32%
1,000 - 5,000 employees29%
More than 5,000 employees
21%
Company Size
= “SMB”
= “Enterprise”
6 Sponsored by:6
Regions Represented
Asia Pacific (Australia, New Zealand, Singapore, Hong Kong, India)
9%
United States or Canada 19%
United Kingdom or Ireland 14%
Germany 15%
Sweden 15%
Benelux14%
Europe72%
France, Italy, Spain, Poland14%
7 Sponsored by:
BROAD LACK OF AWARENESS ABOUT GDPR
8 Sponsored by:
How would you characterize your awareness of GDPR?Choose the answer that most closely applies.
Very few aware of the details of GDPR, even at companies based in Europe
Never heard of it before
18%
I knew there was something going
on, but don't know any details
31%
I was aware there are new regulations and know some
details 33%
I am fairly familiar with the regulations but have a lot
more to learn 14%
I am very knowledgeable about GDPR
4%
21%
16%
31%
32%
38%
30%
9%
17%
1%
6%
0% 20% 40% 60% 80% 100%
Outside Europe
In Europe
Never heard of it before
I knew there was somethinggoing on, but don't knowany details
I was aware there are newregulations and know somedetails
I am fairly familiar with theregulations but have a lotmore to learn
I am very knowledgeableabout GDPR
9 Sponsored by:
How would you characterize your awareness of GDPR?Choose the answer that most closely applies.
IT executives most likely to know the details of GDPR
By Job Level
20%
22%
12%
13%
54%
39%
26%
25%
17%
32%
32%
28%
10%
6%
23%
24%
0%
1%
8%
11%
0% 20% 40% 60% 80% 100%
Business Executive
IT Administrator
IT Team Mgr
IT Executive
Never heard of it before
I knew there was somethinggoing on, but don't know anydetails
I was aware there are newregulations and know somedetails
I am fairly familiar with theregulations but have a lot moreto learn
I am very knowledgeable aboutGDPR
n = European participants only
10 Sponsored by:
COMPANIES ARE NOT PREPARED FOR GDPR
11 Sponsored by:
In your opinion, is your company prepared for GDPR today?Choose the answer that most closely applies.
Less than 1 in 3 companies are prepared
Yes 31%
No 37%
I don't know 32%
22%
37%
38%
36%
40%
27%
0% 20% 40% 60% 80% 100%
Outside Europe
In Europe
Yes
No
I don't know
12 Sponsored by:
In your opinion, is your company prepared for GDPR today?Choose the answer that most closely applies.
Germans feel most prepared for GDPR; Benelux least
n = European participants only
By Country
40%
26%
33%
41%
44%
35%
43%
39%
31%
34%
26%
31%
28%
28%
22%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Other European Country
Benelux
Sweden
UK
Germany
Yes
No
I don't know
13 Sponsored by:
In your opinion, is your company prepared for GDPR today?Choose the answer that most closely applies.
Consumer-focused and large companies mostly likely to feel prepared
47%
38%
24%
29%
35%
46%
24%
26%
30%
0% 20% 40% 60% 80% 100%
B2C and B2B
B2C
B2B
Yes
No
I don't know
n = European participants only
By Customer Type By Company Size
32%
41%
35%
38%
32%
21%
0% 50% 100%
SMB
Enterprise
Yes
No
I don't know
14 Sponsored by:
Does your company have a plan to prepare for GDPR?Choose the answer that most closely applies.
97% don’t have a plan to be ready
n = not ready for GDPR today
3% 37% 27% 33%
0% 20% 40% 60% 80% 100%
We have a clear plan in place
We are still working on our plan
We are figuring out who needs to beinvolved to put a plan together
We have not started on our planning
15 Sponsored by:
If GDPR had been fully in effect in the past year, would your
organization have been in compliance with the regulations?
Less than half of Europeans think that they would have been in compliance this year
15%
5%
49%
44%
28%
43%
9%
7%
0% 20% 40% 60% 80% 100%
Outside Europe
In Europe
Definitely in compliance
Probably in compliance
Probably not in compliance
Definitely not in compliance
16 Sponsored by:
How much of a concern is GDPR compliance for your organization?Choose the answer that most closely applies.
82% are concerned about GDPR compliance, concern greatest in Europe
10%
30%
72%
52%
18%
18%
0% 20% 40% 60% 80% 100%
Outside Europe
In Europe
Very concerned
Somewhat concerned
Not concerned
Very concerned 23%
Somewhat concerned
59%
Not concerned 18%
17 Sponsored by:
How much of a concern is GDPR compliance for your organization?Choose the answer that most closely applies.
Larger companies and Germans more likely to be concerned about GDRP compliance
26%
34%
52%
53%
23%
13%
0% 20% 40% 60% 80% 100%
SMB
Enterprise
Very concerned
Somewhat concerned
Not concerned
n = European participants only
By Company Size By Country
24%
10%
32%
33%
46%
66%
63%
43%
53%
40%
9%
27%
25%
14%
14%
0% 20% 40% 60% 80% 100%
Other European Country
UK
Benelux
Sweden
Germany
Very concerned
Somewhat concerned
Not concerned
18 Sponsored by:
How confident are you that your company will be fully ready for GDPR
when the regulation kicks off?Choose the answer that most closely applies.
Most lack confidence they will be fully ready when GDPR kicks off
4%
12%
9%
39%
43%
41%
35%
28%
30%
7%
9%
8%
16%
8%
11%
0% 20% 40% 60% 80% 100%
Outside Europe
In Europe
All
We will definitely be fully ready
I expect we will be fully ready
I am concerned we will not be fully ready
I know we will not be fully ready in time
I don't know
19 Sponsored by:
FULL IMPACT OF GDPR NOT CLEAR
20 Sponsored by:
In your opinion, will GDPR have
an impact on your approach to
DATA SECURITY?
GDPR expected to impact both data security and business outcomes
In your opinion, will GDPR have
an impact on your BUSINESS
OUTCOMES?
Yes, a significant
impact 28%
Yes, a minor impact
55%
No impact 17%
Yes, a significant impact
17%
Yes, a minor impact
49%
No impact 34%
21 Sponsored by:
How much do you think your current data security practices and
technologies will have to change as a result of GDPR?
Majority do expect changes to security will be needed, but most think it will be minor
16%
27%
73%
62%
11%
11%
0% 20% 40% 60% 80% 100%
Outside Europe
In Europe
Significant change
Minor change
No change
Significant change
23%
Minor change 66%
No change 11%
22 Sponsored by:
How do you rate your ability to comply with GDPR given
your current approach to data privacy?
Majority think existing practices will meet GDPR requirements with a few tweaks
8% 58% 27% 7%
0% 20% 40% 60% 80% 100%
We are already compliant and do not needto change
Our existing practices will satisfy some ofGDPR, but we will need to make a fewchanges
We are compliant in a few areas, but needto make significant changes to becompliant
We are not compliant at all
23 Sponsored by:
If GDPR had been fully effect in the past year, would your organization
have faced penalties given your current approach to data privacy?
Lack of knowledge about penalties for lack of compliance
17%
23%
21%
26%
42%
35%
57%
36%
44%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Outside Europe
In Europe
All
Yes
No
I don't know
24 Sponsored by:
What level of penalty would your organization likely have faced if
GDPR had been fully in effect this past year given your current
approach to data privacy?
Lack of knowledge about penalties for lack of compliance (con’t)
n = would have faced a penalty
17% 47% 23% 13%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Severe penalty - A significant financial penaltyand/or a large amount of remediation work andinvestment
Serious penalty - A moderate financial penaltyand/or manageable amount of remediation workand investment
Slap-on-the-hand penalty - Small financial penaltyand/or easy-to-achieve remediation
I don't know
25 Sponsored by:
FEW FEEL PREPARED ACROSS GDPR SECURITY DISCIPLINES
26 Sponsored by:
Which of the following security disciplines has your organization
adopted? Choose all that apply.
Many security disciplines that will help with GDPR have been adopted, but not all
2%
33%
44%
47%
50%
63%
72%
72%
0% 10% 20% 30% 40% 50% 60% 70% 80%
None of these
Access governance (attestation/recertification)
Next generation firewall (NGFW)
Multifactor authentication
Secure mobile access
Privileged account management
Email security
Access management
27 Sponsored by:
Those who have adopted Access Governance much more prepared for GDPR
5%
17%
38%
49%
34%
22%
10%
6%
13%
6%
0% 20% 40% 60% 80% 100%
No Access Governance
Have adopted Access Governance
How confident are you that your company will be fully ready for GDPR when the regulation kicks off?
We will definitely be fully ready
I expect we will be fully ready
I am concerned we will not be fully ready
I know we will not be fully ready in time
I don't know
28 Sponsored by:
Each of the following security disciplines contributes to GDPR
compliance. How well do you feel your current practices and
technologies are equipped to meet GDPR compliance?
Across the security disciplines impacting GDPR, few feel well prepared
21%
29%
31%
34%
36%
40%
47%
38%
36%
36%
39%
41%
44%
36%
22%
19%
19%
15%
11%
6%
7%
20%
16%
14%
11%
12%
10%
10%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Access governance (attestation/recertification)
Next generation firewall (NGFW)
Multifactor authentication
Secure mobile access
Privileged account management
Access management
Email security
Well prepared
Somewhat prepared
Not prepared
I don't know
29 Sponsored by:
OTHER
30 Sponsored by:
What team in your organization currently has primary responsibility for
data protection and compliance including GDPR?
IT expected to take the lead on GDPR
1%
5%
7%
8%
23%
55%
0% 10% 20% 30% 40% 50% 60%
Other
Business operations
Legal
Business management
Security
IT
All By Size
14%
5%
6%
13%
60%
2%
5%
8%
32%
51%
0% 20% 40% 60% 80%
Business management
Business operations
Legal
Security
IT
Enterprise
SMB
31 Sponsored by:
One of the requirements of GDPR is that each company names a
Data Protection Officer (DPO) with direct responsibility for compliance
with GDPR. In your opinion, what is your company’s most likely
approach to appointing a Data Protection Officer?
Most expect to have an in-house DPO
64%
71%
17%
18%
19%
10%
0% 20% 40% 60% 80% 100%
Outside Europe
In Europe
In-house
Outsource
I couldn't even guess
In-house 68%
Outsource 18%
I couldn't even guess 14%
32 Sponsored by:
REGION-SPECIFIC QUESTIONS
33 Sponsored by:
To the best of your understanding, does the United Kingdom’s
vote to leave the European Union mean that your
organization is exempt from GDPR?
Almost a half of those in the UK not clear on the impact of Brexit on GDPR
Yes, our company is exempt
12%
No, we still have to comply
56%
I don't know if it had an impact
32%
n = live in UK
34 Sponsored by:
To the best of your understanding, does working in a region that is not
part of the European Union mean that your organization is exempt
from GDPR?
Almost a half of those outside Europe not clear if GDPR impacts them
n = live outside of Europe
Yes, our company is
exempt 10%
No, we still have to comply
53%
I don't know 37%
35 Sponsored by:35
For more information…
About Dimensional Research
Dimensional Research provides practical marketing research to help technology companies make smarter business decisions. Our researchers are experts in technology and understand how corporate IT organizations operate. Our qualitative research services deliver a clear understanding of customer and market dynamics.
For more information, visit www.dimensionalresearch.com.
About Dell Software
Dell Software helps customers unlock greater potential through the power of technology—delivering scalable, affordable and simple-to-use solutions that simplify IT and mitigate risk. The Dell Software portfolio addresses five key areas of customer needs: data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results.
For more information, visit www.dellsoftware.com.