1 Sponsored by:

GDPR: Perceptions and ReadinessA Global Survey of Data Privacy Professionals

at companies with European Customers

September 2016

Sponsored by:

2 Sponsored by:2

Research Goal The primary research goal was to understand

perceptions of the General Data Protection

Regulation (GDPR) among individuals responsible for

data privacy at companies with European customers.

Goals and Methodology

Methodology An online survey was fielded to independent sources

of IT and business professionals responsible for data

privacy. Questions were asked about awareness of

GDPR and expected impacts. Dell was not revealed

as the survey sponsor. The survey was field in

English, German, and Dutch.

Participants A total of 821 qualified individuals completed the

survey. All had responsibility for data privacy as a

significant part of their job responsibilities. All worked

at companies with more than 10% of customer

base in Europe.

3 Sponsored by:3

Introduction to GDPR

Description Provided The General Data Protection Regulation

(GDPR) was recently adopted by the

European Union to strengthen and unify

data protection for individuals within the

European Union.

To ensure that feedback was based on existing

knowledge of GDPR, this simple introduction was provided

to participants before continuing into the survey questions. No other

information about GDPR was provided to participants.

4 Sponsored by:

PARTICIPANT DEMOGRAPHICS

5 Sponsored by:5

Participants Represented

CIO, VP or other IT executive

28%

IT team manager 38%

Frontline IT professional

28%

Business executive (<100 employees)

6%

Role

More than 10% of our customers

are in Europe 53%

More than half of our customers are in

Europe 16%

Most of our customers are in

Europe 16%

All of our customers are in Europe

15%

European Footprint

Less than 100 employees

18%

100 - 1,000 employees32%

1,000 - 5,000 employees29%

More than 5,000 employees

21%

Company Size

= “SMB”

= “Enterprise”

6 Sponsored by:6

Regions Represented

Asia Pacific (Australia, New Zealand, Singapore, Hong Kong, India)

9%

United States or Canada 19%

United Kingdom or Ireland 14%

Germany 15%

Sweden 15%

Benelux14%

Europe72%

France, Italy, Spain, Poland14%

7 Sponsored by:

BROAD LACK OF AWARENESS ABOUT GDPR

8 Sponsored by:

How would you characterize your awareness of GDPR?Choose the answer that most closely applies.

Very few aware of the details of GDPR, even at companies based in Europe

Never heard of it before

18%

I knew there was something going

on, but don't know any details

31%

I was aware there are new regulations and know some

details 33%

I am fairly familiar with the regulations but have a lot

more to learn 14%

I am very knowledgeable about GDPR

4%

21%

16%

31%

32%

38%

30%

9%

17%

1%

6%

0% 20% 40% 60% 80% 100%

Outside Europe

In Europe

Never heard of it before

I knew there was somethinggoing on, but don't knowany details

I was aware there are newregulations and know somedetails

I am fairly familiar with theregulations but have a lotmore to learn

I am very knowledgeableabout GDPR

9 Sponsored by:

How would you characterize your awareness of GDPR?Choose the answer that most closely applies.

IT executives most likely to know the details of GDPR

By Job Level

20%

22%

12%

13%

54%

39%

26%

25%

17%

32%

32%

28%

10%

6%

23%

24%

0%

1%

8%

11%

0% 20% 40% 60% 80% 100%

Business Executive

IT Administrator

IT Team Mgr

IT Executive

Never heard of it before

I knew there was somethinggoing on, but don't know anydetails

I was aware there are newregulations and know somedetails

I am fairly familiar with theregulations but have a lot moreto learn

I am very knowledgeable aboutGDPR

n = European participants only

10 Sponsored by:

COMPANIES ARE NOT PREPARED FOR GDPR

11 Sponsored by:

In your opinion, is your company prepared for GDPR today?Choose the answer that most closely applies.

Less than 1 in 3 companies are prepared

Yes 31%

No 37%

I don't know 32%

22%

37%

38%

36%

40%

27%

0% 20% 40% 60% 80% 100%

Outside Europe

In Europe

Yes

No

I don't know

12 Sponsored by:

In your opinion, is your company prepared for GDPR today?Choose the answer that most closely applies.

Germans feel most prepared for GDPR; Benelux least

n = European participants only

By Country

40%

26%

33%

41%

44%

35%

43%

39%

31%

34%

26%

31%

28%

28%

22%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Other European Country

Benelux

Sweden

UK

Germany

Yes

No

I don't know

13 Sponsored by:

In your opinion, is your company prepared for GDPR today?Choose the answer that most closely applies.

Consumer-focused and large companies mostly likely to feel prepared

47%

38%

24%

29%

35%

46%

24%

26%

30%

0% 20% 40% 60% 80% 100%

B2C and B2B

B2C

B2B

Yes

No

I don't know

n = European participants only

By Customer Type By Company Size

32%

41%

35%

38%

32%

21%

0% 50% 100%

SMB

Enterprise

Yes

No

I don't know

14 Sponsored by:

Does your company have a plan to prepare for GDPR?Choose the answer that most closely applies.

97% don’t have a plan to be ready

n = not ready for GDPR today

3% 37% 27% 33%

0% 20% 40% 60% 80% 100%

We have a clear plan in place

We are still working on our plan

We are figuring out who needs to beinvolved to put a plan together

We have not started on our planning

15 Sponsored by:

If GDPR had been fully in effect in the past year, would your

organization have been in compliance with the regulations?

Less than half of Europeans think that they would have been in compliance this year

15%

5%

49%

44%

28%

43%

9%

7%

0% 20% 40% 60% 80% 100%

Outside Europe

In Europe

Definitely in compliance

Probably in compliance

Probably not in compliance

Definitely not in compliance

16 Sponsored by:

How much of a concern is GDPR compliance for your organization?Choose the answer that most closely applies.

82% are concerned about GDPR compliance, concern greatest in Europe

10%

30%

72%

52%

18%

18%

0% 20% 40% 60% 80% 100%

Outside Europe

In Europe

Very concerned

Somewhat concerned

Not concerned

Very concerned 23%

Somewhat concerned

59%

Not concerned 18%

17 Sponsored by:

How much of a concern is GDPR compliance for your organization?Choose the answer that most closely applies.

Larger companies and Germans more likely to be concerned about GDRP compliance

26%

34%

52%

53%

23%

13%

0% 20% 40% 60% 80% 100%

SMB

Enterprise

Very concerned

Somewhat concerned

Not concerned

n = European participants only

By Company Size By Country

24%

10%

32%

33%

46%

66%

63%

43%

53%

40%

9%

27%

25%

14%

14%

0% 20% 40% 60% 80% 100%

Other European Country

UK

Benelux

Sweden

Germany

Very concerned

Somewhat concerned

Not concerned

18 Sponsored by:

How confident are you that your company will be fully ready for GDPR

when the regulation kicks off?Choose the answer that most closely applies.

Most lack confidence they will be fully ready when GDPR kicks off

4%

12%

9%

39%

43%

41%

35%

28%

30%

7%

9%

8%

16%

8%

11%

0% 20% 40% 60% 80% 100%

Outside Europe

In Europe

All

We will definitely be fully ready

I expect we will be fully ready

I am concerned we will not be fully ready

I know we will not be fully ready in time

I don't know

19 Sponsored by:

FULL IMPACT OF GDPR NOT CLEAR

20 Sponsored by:

In your opinion, will GDPR have

an impact on your approach to

DATA SECURITY?

GDPR expected to impact both data security and business outcomes

In your opinion, will GDPR have

an impact on your BUSINESS

OUTCOMES?

Yes, a significant

impact 28%

Yes, a minor impact

55%

No impact 17%

Yes, a significant impact

17%

Yes, a minor impact

49%

No impact 34%

21 Sponsored by:

How much do you think your current data security practices and

technologies will have to change as a result of GDPR?

Majority do expect changes to security will be needed, but most think it will be minor

16%

27%

73%

62%

11%

11%

0% 20% 40% 60% 80% 100%

Outside Europe

In Europe

Significant change

Minor change

No change

Significant change

23%

Minor change 66%

No change 11%

22 Sponsored by:

How do you rate your ability to comply with GDPR given

your current approach to data privacy?

Majority think existing practices will meet GDPR requirements with a few tweaks

8% 58% 27% 7%

0% 20% 40% 60% 80% 100%

We are already compliant and do not needto change

Our existing practices will satisfy some ofGDPR, but we will need to make a fewchanges

We are compliant in a few areas, but needto make significant changes to becompliant

We are not compliant at all

23 Sponsored by:

If GDPR had been fully effect in the past year, would your organization

have faced penalties given your current approach to data privacy?

Lack of knowledge about penalties for lack of compliance

17%

23%

21%

26%

42%

35%

57%

36%

44%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Outside Europe

In Europe

All

Yes

No

I don't know

24 Sponsored by:

What level of penalty would your organization likely have faced if

GDPR had been fully in effect this past year given your current

approach to data privacy?

Lack of knowledge about penalties for lack of compliance (con’t)

n = would have faced a penalty

17% 47% 23% 13%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Severe penalty - A significant financial penaltyand/or a large amount of remediation work andinvestment

Serious penalty - A moderate financial penaltyand/or manageable amount of remediation workand investment

Slap-on-the-hand penalty - Small financial penaltyand/or easy-to-achieve remediation

I don't know

25 Sponsored by:

FEW FEEL PREPARED ACROSS GDPR SECURITY DISCIPLINES

26 Sponsored by:

Which of the following security disciplines has your organization

adopted? Choose all that apply.

Many security disciplines that will help with GDPR have been adopted, but not all

2%

33%

44%

47%

50%

63%

72%

72%

0% 10% 20% 30% 40% 50% 60% 70% 80%

None of these

Access governance (attestation/recertification)

Next generation firewall (NGFW)

Multifactor authentication

Secure mobile access

Privileged account management

Email security

Access management

27 Sponsored by:

Those who have adopted Access Governance much more prepared for GDPR

5%

17%

38%

49%

34%

22%

10%

6%

13%

6%

0% 20% 40% 60% 80% 100%

No Access Governance

Have adopted Access Governance

How confident are you that your company will be fully ready for GDPR when the regulation kicks off?

We will definitely be fully ready

I expect we will be fully ready

I am concerned we will not be fully ready

I know we will not be fully ready in time

I don't know

28 Sponsored by:

Each of the following security disciplines contributes to GDPR

compliance. How well do you feel your current practices and

technologies are equipped to meet GDPR compliance?

Across the security disciplines impacting GDPR, few feel well prepared

21%

29%

31%

34%

36%

40%

47%

38%

36%

36%

39%

41%

44%

36%

22%

19%

19%

15%

11%

6%

7%

20%

16%

14%

11%

12%

10%

10%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Access governance (attestation/recertification)

Next generation firewall (NGFW)

Multifactor authentication

Secure mobile access

Privileged account management

Access management

Email security

Well prepared

Somewhat prepared

Not prepared

I don't know

29 Sponsored by:

OTHER

30 Sponsored by:

What team in your organization currently has primary responsibility for

data protection and compliance including GDPR?

IT expected to take the lead on GDPR

1%

5%

7%

8%

23%

55%

0% 10% 20% 30% 40% 50% 60%

Other

Business operations

Legal

Business management

Security

IT

All By Size

14%

5%

6%

13%

60%

2%

5%

8%

32%

51%

0% 20% 40% 60% 80%

Business management

Business operations

Legal

Security

IT

Enterprise

SMB

31 Sponsored by:

One of the requirements of GDPR is that each company names a

Data Protection Officer (DPO) with direct responsibility for compliance

with GDPR. In your opinion, what is your company’s most likely

approach to appointing a Data Protection Officer?

Most expect to have an in-house DPO

64%

71%

17%

18%

19%

10%

0% 20% 40% 60% 80% 100%

Outside Europe

In Europe

In-house

Outsource

I couldn't even guess

In-house 68%

Outsource 18%

I couldn't even guess 14%

32 Sponsored by:

REGION-SPECIFIC QUESTIONS

33 Sponsored by:

To the best of your understanding, does the United Kingdom’s

vote to leave the European Union mean that your

organization is exempt from GDPR?

Almost a half of those in the UK not clear on the impact of Brexit on GDPR

Yes, our company is exempt

12%

No, we still have to comply

56%

I don't know if it had an impact

32%

n = live in UK

34 Sponsored by:

To the best of your understanding, does working in a region that is not

part of the European Union mean that your organization is exempt

from GDPR?

Almost a half of those outside Europe not clear if GDPR impacts them

n = live outside of Europe

Yes, our company is

exempt 10%

No, we still have to comply

53%

I don't know 37%

35 Sponsored by:35

For more information…

About Dimensional Research

Dimensional Research provides practical marketing research to help technology companies make smarter business decisions. Our researchers are experts in technology and understand how corporate IT organizations operate. Our qualitative research services deliver a clear understanding of customer and market dynamics.

For more information, visit www.dimensionalresearch.com.

About Dell Software

Dell Software helps customers unlock greater potential through the power of technology—delivering scalable, affordable and simple-to-use solutions that simplify IT and mitigate risk. The Dell Software portfolio addresses five key areas of customer needs: data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results.

For more information, visit www.dellsoftware.com.