New research of European businesses, conducted by Kaspersky Lab, has revealed surprising variations in the levels of preparedness for the General Data Protection Regulation (GDPR). With less than nine months to go before the regulations become enforceable, there’s a surprising – and worrying – inconsistency of readiness levels across IT decision makers in Europe. Comment from Adam Maskatiya, General Manager, UK & Ireland – Kaspersky Lab.

With businesses that process personal data within the EU continuing to grapple with their GDPR obligations, Kaspersky Lab set out to shed further light on the levels of awareness and preparedness for the regulation across Europe. Despite its decision to leave the EU, the UK will still fully comply with the GDPR. It joins France, Germany, Italy, Spain and the Netherlands in demonstrating much higher levels of readiness compared to their counterparts in Belgium, Portugal, Denmark and Norway.

When it comes to being aware of the GDPR, due to come into force on 25 May 2018, Belgian IT professionals ironically showed the lowest levels of awareness by a considerable degree – despite the law being passed in their capital. Worryingly, considering the potential financial penalties of non-compliance (up to 4 percent of an organisation’s global turnover), a third (32 percent) stated they had no awareness other than hearing the name and 16 percent admitted they had no awareness at all.

This response was in stark contrast to the UK, where half (49 percent) of respondents felt they have a good knowledge of the GDPR, closely followed by France (47 percent), Germany (46 percent) and Italy (46 percent). This is certainly positive news for consumers, who are now paying more attention to how businesses handle their personal data.

The low level of awareness displayed by Belgian employees also translates into a lack of confidence in the ability to comply with GDPR, with 29 percent of IT professionals in Belgium believing their organisation will not be fully compliant by the deadline, compared to only 13 percent in Italy and 18 percent in Spain. In addition, a third (33 percent) of IT decision makers in Belgium and 46 percent of those in Norway admitted they are not confident that those responsible for handling personal data in their organisations are aware that existing laws are changing.

The outlook is more positive for the EU “big five,” which are leading the way in terms of preparation. Four out of five of those questioned in the UK (82 percent), France (82 percent), Germany (84 percent), Italy (85 percent) and Spain (84 percent) stated that preparations are well underway. However, 29 percent of IT professionals in Denmark have made little or no preparations, closely followed by Portugal (26 percent), Norway (25 percent) and Belgium (18 percent).

One in five (19 percent) Belgian IT professionals are also unsure if preparations within their company have even started – a serious concern given that businesses have less than a year to become compliant, or face the risk of hefty financial penalties and reputational damage.

“The lack of awareness and action towards the GDPR by the IT profession across pockets of Europe is worrying. Many businesses are putting themselves and their clients at risk by not making vital preparations and changes now to the way personal information is harvested and secured. Many of the businesses affected by the legislation will have operations across Europe so the preparation gap is particularly alarming as such businesses should be sharing information about compliance across their business and have a clear point of responsibility within their company.

“The deadline is the same for every company no matter their size, industry or location, so action needs to be taken now to get data handling practices up to scratch before the wrath of the regulators makes the impact of GDPR a bitter pill to swallow, rather than a good thing for the data health of an organisation,” commented.

Adam Maskatiya, General Manager, UK & Ireland. The research questioned over 2,000 IT decision makers in organisations with more than 50 employees. It was conducted in 11 European countries; the UK, France, Germany, Italy, Spain, Belgium, Netherlands, Portugal, Sweden, Denmark and Norway.