With the deadline for GDPR compliance a year away, one-quarter of respondents to a new survey by cybersecurity firm Guidance Software say they are not going to be ready to meet the May 2018 deadline.
GDPR will require many companies headquartered outside of the EU to comply with European data protection rules, but some companies are much farther along than others in the planning process.
According to Guidance Software, who surveyed 225 senior-level IT security executives from the U.S. and U.K. last month, only 15.7 percent of companies are in advance planning for GDPR.
Experts have urged cloud providers to start evaluating their systems and processes now to ensure they protect data adequately under the new regulation.
Forty-three percent of organizations with $1 billion or more in revenues currently have processes that can identify data records of any EU citizen and determine where that data is being processed, the report said, compared to 26.8 percent of organizations with less than $100 million in sales.
Smaller companies are being helped along by firms like Microsoft, which is holding workshops and webinars to help customers and partners meet the deadline, calling obligations related to GDPR compliance a shared responsibility.
The top activities to be GDPR compliant are using procedures for the anonymization of personal data, conducting a full audit of EU personal data manifestation, and evaluating all third-party partners that access personal data transfers.
According to the report, more than half of companies surveyed have not begun the process of evaluating third-party products.
Twenty-three percent of respondents said that hiring and training a qualified Data Protection Officer was a high priority for the organization, compared to 15.4 percent who named it a low priority.