Photograph by Carl Court — Getty Images

Firms Are in Denial About the EU’s Coming Privacy Law, Survey Suggests

Oct 11, 2016

The world's toughest privacy law will go into force in Europe 18 months from now, and so far, the strategy of many IT professionals appears to be "pretend it's not happening." That's the takeaway from a survey published today by Dell that suggests most firms are unprepared for the EU's General Data Protection Regulations.

This collection of laws (known as GDPR) passed earlier this year, and will introduce a spate of stiff compliance measures and eye-watering penalties for companies that don't take a series of steps to manage data. For instance, firms will have to:

  • Hire a data protection officer
  • Introduce "privacy by design" to their workflow
  • Get explicit consent to use a wide variety of data
  • Increase opt-out and data portability options

If they don't comply, companies face a maximum fine of 20 million euros or 4% of total revenue—whichever is greater.

According to the Dell survey, which polled 821 IT professionals across the globe, 80% said they knew little or nothing about the GDPR, while 97% said their companies didn't have a plan in place to implement the new law.

According to Michael Tweddle, a Dell executive, the survey also suggested that the IT crowd felt most confident about being able to comply with impending rules related to email security, but much less so when it came to those related to document access. (Under the GDPR, companies will have to create procedures that limit who can access shared files hosted on platforms like Dropbox or SharePoint.)

The lack of readiness described in the survey could be an ominous sign for companies, especially those outside the EU that do business with European citizens, given the recent assertiveness of privacy regulators on the continent.

Firms will, presumably, start paying more attention as the GDPR implementation date of May 2018 draws closer. And it's a safe bet corporate legal departments are tuning into the rules, even if the operation crowd is not (law firm Allen & Overy has a good briefing here).

Finally, it will be curious to see if politicians in Europe, where the economy is still limping, will decide to flinch and water down or defer the regulations if compliance costs prove too high.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions