With the deadline for compliance less than a year away, the EU’s General Data Protection Regulation (GDPR) is causing massive confusion among organizations around the world in terms of whether it applies to them and what actions are necessary.

That’s according to the results of a global survey of 1,600 organizations announced by WatchGuard Technologies and conducted by Vanson Bourne, an independent market research firm.

Tracy Hillstrom, WatchGuard’s director of product marketing, tells Channel Partners the key opportunity for the channel is to educate organizations in their target market about the GDPR, consult with them on a plan to become compliant, and provide the solutions and project management services to get it all done in time.

“Over half of the respondents who know that they need to comply agree that they will need to make significant changes to IT infrastructure,” she said. “At least half of these same respondents said that network security measures including firewall, VPN, encryption and web filtering will be part of their compliance strategy; and 58 percent said that they may consider help from outside their organization for GDPR compliance. So, now is a great time for the channel to become very vocal about how they can help organizations to reach compliance before the regulation takes effect. Furthermore, network security providers can guide customers to implement a full range of technologies that prevent attacks, and identify and respond to threats beyond what firewall, VPN, encryption and web filtering can do on their own.”

With the GDPR deadline set for May 25, 2018, a surprising 37 percent of respondents don’t know whether their organization needs to comply, while more than a quarter believe their organization doesn’t need to comply at all.

According to GDPR criteria, any company that stores or processes personal information about EU citizens must demonstrate compliance. Of the respondents who don’t believe the law applies to their organization, one in seven collects personal data from EU citizens, while 28 percent of respondents who were unsure about compliance also collect this type of information.

While many organizations have been aware of GDPR for some time, just one in 10 (10 percent)  respondents believe their company is completely ready for compliance, while 44 percent said they don’t actually know how close their organization is to compliance. Of those who reported that their business needs to comply with GDPR (35 percent of total respondents), 86 percent believe …

…they currently have a solid compliance strategy in place, with firewalls, VPN and encryption identified as the security measures most likely to be involved in these strategies.

However, more than half (51 percent) believe that their organization will need to make significant changes to their IT infrastructure in order to comply. As such, time is running out, and companies are feeling the pressure. Respondents from organizations that are not yet GDPR-compliant estimate it will take an average of seven months to complete the requirements, according to WatchGuard.

“The challenge for the channel is the same as every other organization — to become compliant themselves,” Hillstrom said. “Managed service providers (MSPs), for example, will likely need to collect IP addresses from EU citizens on behalf of their customers — and may collect many other types of information that the GDPR considers personal data in addition to IP address. This means that they need to comply themselves. And, even if the channel organization is not required to comply, it may be demanded from customers if you are providing GDPR compliance services — as proof of your capabilities.”