Less than a third of Asia-Pacific firms ready for GDPR

The GDPR compliance deadline is a week away, but only 29 per cent of companies in the Asia Pacific region will be ready, according to a new global survey by ISACA.

ISACA’s GDPR Readiness Survey provides a near-real-time look at readiness levels, top compliance barriers and expected readiness timeframes.

GDPR, a regulation out of the European Union, impacts entities doing business in or with the EU starting 25 May 2018.

Not only are most organisations unprepared for the deadline, but only around half of the companies surveyed (51 per cent) expect to be compliant by the year end, and 40 per cent do not know when they will be fully compliant.

The survey reveals the top five challenges related to GDPR compliance.

[Image: ISACA GDPR Readiness Survey. Credit: ISACA]

ISACA's pre-deadline GDPR readiness survey showed that most organisations were unprepared for the new regulations to go into effect.

Cost was the sixth highest concern, at 33 per cent. About 20 per cent say it will cost under US$1 million to become GDPR compliant, with 14 per cent spending $1 million or more. Two-thirds of the business technology professionals surveyed in APAC were unsure how much their organisations would be spending.

The survey was conducted last month among 6,000 business and technology professionals who are members of ISACA.

Crumbling borders

“When protecting data, we can’t think in terms of nations - or even specific industries - anymore,” says ISACA, on the global implications of GDPR.

“The digital economy is global and borderless, and the co-mingling of industries (e.g., online retailers offering financial and banking services, etc.) demonstrates that even the borders between industries are crumbling. This will not change - it will only increase.”

ISACA suggests organisations think in terms of ecosystems, including the global, interrelated ecosystems of commerce, law enforcement and communication that are part of modern civilisation.

“If we approach data protection from the standpoint of ecosystems, our actions must focus on hardening that ecosystem, making it more robust, globally,” the report states.

“This means that it is very likely that data protection public policy measures will become the norm, globally - not the exception.

“As emerging technologies arise and their impacts are felt in data protection, those new concerns must be taken into consideration when shaping the next generation of data protection legislation and regulation.

“This also means that the stakeholder group that participates in crafting the “nextgen” version of the GDPR must be both broad and deep, encompassing as many aspects and levels of the public and private sectors, academia, and the NGO community as possible.”

"The time to prepare for a data-driven future is before it arrives - not after," notes ISACA.

Employee awareness

ISACA says among the survey’s most concerning findings is the level of employee education on GDPR and their role in compliance.

Only 42 per cent of respondents say their organisations’ employees have been educated to a satisfactory level about their responsibilities to maintain GDPR compliance.

“Employee awareness and education are critical components of ongoing GDPR compliance,” says Dr Chris K. Dimitriadis, chair of ISACA’s GDPR Working Group.

“Awareness of - and commitment to - well-defined security, data management, and privacy policies and procedures clearly need to be an integral part of every organisation’s culture, from the top down.”

ISACA says the good news is that the majority of executive leaders in APAC recognise the importance of GDPR and its implications.

The survey finds two-thirds of respondents (66 per cent) believe their organisation’s executives have made becoming GDPR-compliant a priority.

Organisations also expect to achieve significant benefits from GDPR compliance. The top three anticipated positive outcomes are: 

[Image: ISACA GDPR Readiness Survey. Credit: ISACA]

Though organisations were unprepared for GDPR, they have a generally optimistic view of it, according to ISACA's readiness survey.

One of the most practical and cost-effective ways organisations can support GDPR and other compliance requirements is to help employees understand the business value of the information they deal with regularly, says Tim Upton, CEO at TITUS, which sponsored the research.

“That way, employees become more aware of their responsibilities when it comes to handling and protecting data within the flow of work, providing added value to the ways organisations earn and maintain the trust of customers and employees.”

IDG News Service