G is for Global, Except for GDPR

What is GDPR? For organizations holding information on individuals that must consider data privacy requirements, the G stands for “General” as the General Data Protection Regulation. Is G not for Global? Occasionally I hear someone incorrectly refer to “Global” regarding the G in GDPR. Beyond the G, there seems to be some confusion  about GDPR and its relevance and the need to prepare for its arrival in May 2018 and its applicability to organizations that are outside the European Union. HyTrust recently concluded its 2017 Cloud Adoption Survey in which we posed specific questions to survey participants about GDPR and their use of cloud infrastructure.

In the survey, we asked participants at VMworld 2017 in Las Vegas “Is your organization concerned with and/or making plans to meet GDPR requirements for your private/public infrastructure?” The results showed a lack of preparation and perhaps misunderstanding of how GDRP requirements might affect their infrastructure. Roughly 80% were unaware, unprepared or not concerned.

It was a bit surprising that 29% were unaware of GDPR’s relevance for their organization. Perhaps those who run the infrastructure are less aware of GDPR than their risk or data protection counterparts. To implement the policies mandated by GDPR, infrastructure needs capabilities for controls that can enforce the policies captured on paper.

Some were informed yet unprepared with 27% stating that they were concerned about GDPR but have no plan in place. Time is running out for them. May 25, 2018 is less than one year away. According to Gartner research, 50% of organizations with GDPR requirements will not be in compliance by May 25th, 2018. This is about six months after GDPR regulations take effect.

It is true that GDPR will not all companies and perhaps the 23% who responded that they were neither concerned and nor had a plan in place may indeed be all set. It doesn’t hurt to check again, make certain.

Good news. Roughly 21% stated they do have concerns about GDPR and have a plan in place. Their preparedness may lead to some low-stress, free time between now and May 25, 2018.

In addition to questions about GDPR, the survey looked at cloud platform adoption, key risks to public and private cloud adoption, and current plans for container adoption. You can download the full 2017 Cloud Adoption Survey report and the GDPR survey results infographic here.