Cloud 101CircleEventsBlog
CSA's Continuous Audit Metrics Working Group is expanding! Help shape the future of cloud assurance.

CSA Official Press Release

Published 04/17/2018

GDPR Preparation and Challenges Survey Report Explores Overall Industry Preparedness in Achieving Compliance

GDPR Preparation and Challenges Survey Report Explores Overall Industry Preparedness in Achieving Compliance

Eighty-three percent of companies lack confidence in their ability to meet May 25 deadline

SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 - April 17, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the results of the GDPR Preparation and Challenges Survey Report. A leader in cloud security and a CSA Corporate Member, Netskope, commissioned CSA to assess the preparedness of organizations across a wide spectrum of industries in terms of their ability to meet the May 25, 2018, European Union General Data Protection Regulation (GDPR) compliance deadline.

“Even though the articles of the GDPR have been published since April 2016, understanding how to meet those requirements remains a barrier for many organizations,” said Jim Reavis, CEO, Cloud Security Alliance. “Together with Netskope, we wanted to add to the industry’s knowledge and preparedness of GDPR and highlight the GDPR’s impact on the industry.”
“With enforcement of the new regulation beginning in a matter of weeks, not months or years, and with serious monetary penalties at stake, security and privacy can no longer be an afterthought,” said Netskope CEO Sanjay Beri. “Alarmingly, 27 percent of survey respondents reported having little to no familiarity with the GDPR even with the deadline for compliance a little more than a month away. This holds serious implications for enterprises as well as their customers.”

The report collected over 1,000 respondents addressing GDPR challenges in their organizations in such areas as their ability and confidence to achieve compliance; what—if any—organizational plans they have in place; which technology solutions and mechanisms are being used to meet GDPR requirements; what they consider to be the most challenging elements of GDPR in terms of compliance; and the impact of GDPR on company plans for the adoption of new technologies, provider relationships, and budgets.

Among the report’s key findings are:

  • Eighty-three percent of companies do not feel very prepared for GDPR, with companies in the APAC region feeling less prepared than other regions.
  • Fifty-nine percent of companies are making GDPR a high priority. Even so more than 10 percent of companies still have no defined plan to prepare for GDPR.
  • Seventy-one percent of the respondents feel confident that their organizations will meet GDPR compliance in time.
  • Thirty-one percent of companies have well-defined plans for meeting GDPR compliance, 85 percent have something in place, and 73 percent have begun executing that plan.
  • The GDPR’s “right to erasure,” (53%) “data protection by design and by default,” (42%) and “records of processing activities” (39%) were cited as being among the biggest challenges organizations face in achieving compliance.
  • Documentation of data- collection policies (68%), codes of conduct (56%), and third-party audits and assessments (55%) are among the most common tools being used to demonstrate GDPR compliance.

The survey questionnaire was distributed to the open community from January 25 to February 21, 2018, and collected a total of 1,129 respondents used to analyze organizational awareness and preparedness on GDPR for this report.

Download the full GDPR Preparation and Challenges Survey Report.

Last November, in order to help organizations prepare for the upcoming deadline, CSA unveiled the CSA Code of Conduct for GDPR Compliance, a free resource designed to provide much-needed guidance to cloud service providers, cloud customers, and potential customers seeking to comply with the new GDPR obligations. Further resources can be found in the GDPR Resource Center.

About Netskope

Netskope is the leader in cloud security. We help the world’s largest organizations take full advantage of the cloud and web without sacrificing security. Our patented Cloud XD technology eliminates blind spots by going deeper than any other security provider to quickly target and control activities across thousands of cloud services and millions of websites. With full control through one cloud-native interface, our customers benefit from 360-degree data protection that guards data everywhere and advanced threat protection that stops elusive attacks. At Netskope, we call this smart cloud security.

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.