New research from Cloud Research Partners finds that 60 percent of businesses are likely to miss the GDPR compliance deadline of May 25th. The research also finds that many companies still lack a deep understanding of the law.
At the RSA Conference in San Francisco, security experts discussed their views on the new regulations, including their top tips and the biggest misconceptions.
"There are many misconceptions. Some are basically finding crypted data -- I'm not liable, which is untrue. Many are, well I'm not a subject company because I'm in the U.S., which is not true," said Dimitri Sirota, the founder and CEO of BigID. "GDPR is much more of a journey than a destination. It requires you for instance to institute personal data rights, things like right to be forgotten, meaning every person has a legal right to their data."
"The other thing that is critical for customers to ensure they do is make sure the providers they use are EU GDPR compliant," said Andrew Conway, General Manager Enterprise of Mobility Security at Microsoft.
The laws come as Silicon Valley tech companies continue to face criticism over their handling of customer data. During Alphabet's earnings call on Monday, Google CEO Sundar Pichai dismissed fears that Google will not be GDPR-ready and said the regulations should not have a huge impact on its ad business.
Meanwhile, one expert said he expects the real craze to happen after the GDPR deadline.
"Once we get past May, there's going to be this realization that it doesn't mean it's finished," said Laurence Pitt, Global Security Strategy Director of Juniper Networks. "So, for example, software quality – I think there will be a lot of conversation around that, software licensing and user license agreement. All of these things are being updated for GDPR and it will only take a couple of breaches or software issues to happen to highlight the problems that can be caused and everyone will time out."