Some 61% of UK respondents said their organization would be ready in time, versus 46% in the rest of the EU and just 25% in the US. However, that means most firms internationally do not think they’ll make the compliance deadline.
That’s not necessarily an issue: as long as organizations can prove they are taking concrete steps on the journey towards compliance the chances are that will be enough in the early days of the regulation to appease the likes of the ICO.
In fact, information commissioner, Elizabeth Denham, has claimed in the past that the UK regulator would not be looking to fine firms from the start.
“It’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm,” she wrote in a blog post last year.
“The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change under the GDPR. We have always preferred the carrot to the stick.”
This may be why just 14% of UK respondents, 9% of EU organizations and 3% of US IT professionals told Spiceworks they believe they’ll be fined for non-compliance.
Unsurprisingly, UK firms are both further ahead in their preparations and spending more time on GDPR compliance. Over 60% said they’re conducting data audits and documenting processes versus less than half of EU organizations and less than a third of US firms.
Also, 30% of UK IT pros expect their department to spend more than 120 hours preparing for the regulation, compared to 25% of EU respondents and even fewer (18%) US IT professionals.
In fact, a lack of time and resources was given as the number one reason for missing the deadline by UK (60%) and EU (64%) respondents, although in the US it was the fact that the GDPR is not a priority (40%).
All global organizations will be forced to comply with the regulation if they hold or process data on EU citizens.