Sep 30 2015

Businesses Feel the Financial Burden of Preparing for the EU’s General Data Protection Regulation (GDPR)

Over two thirds of IT professionals surveyed say they need to invest in new technologies or services to help prepare their business for the impact of GDPR

LONDON, UK – September 30, 2015 – Ipswitch™ released the results of a European survey that polled 300 IT professionals* to see how their businesses were preparing for the new European Union (EU) General Data Protection Regulation (GDPR).  The regulation is designed to unify and simplify data protection across 28 EU countries and includes severe penalties for non-compliance of up to two percent of a company’s annual global turnover.  The GDPR draft has been passed by EU Parliament and is due to become law by the end of 2015.  It is expected to impact any organisation which collects, stores, processes and shares personal data on employees, customers or partners. 


The Burden of GDPR

Over two thirds (68 per cent) of IT professionals say that keeping up to date with changing data protection regulatory requirements is a financial burden on their business.  British businesses feel most strongly about this (77 per cent), compared with 66 per cent in France and 61 per cent in Germany.   


69 per cent of IT professionals believe they will need to invest in new technologies and services to help them prepare for the impact of GDPR.  62 per cent think they will need to invest in encryption technologies, 61 per cent in analytic and reporting technologies, 53 per cent plan to invest in perimeter security technologies and 42 per cent in file sharing technologies.   


Over half (51 per cent) report that their business has already allocated training budget to help staff understand and comply with GDPR.  However, just under a third (30 per cent) have not.  Almost one fifth (19 per cent) have no idea whether training budget has been allocated.  Businesses in France report the most instances of training budget having been allocated, (56 per cent), compared to 49 per cent in Germany and 48 per cent in the United Kingdom.  


Exactly half of IT professionals also say they have allocated internal training resource to help staff understand and comply with the new regulation.  However, almost one third, (32 per cent), have no internal resource allocated for this yet.  The United Kingdom is the least prepared here, with 40 per cent having made no provision compared to their German (33 per cent) and French (24 per cent) counterparts.


Awareness of GDPR and Data Use

Whilst over two thirds (69 per cent) of IT professionals acknowledge that GDPR will impact their business, almost one fifth (18 per cent) still have no idea whether changes in the regulation will apply to them.  This is despite confirming that they do store and process personal data.   


These numbers are however an improvement on awareness of the regulation at this time last year, when a GDPR compliance survey conducted by Ipswitch revealed that more than half (56 per cent) of respondents could not accurately identify what ‘GDPR’ meant.   


Overall, 90 per cent of those surveyed said that their businesses store personal data, 86 per cent process personal data and over a third (40 per cent) share data externally.  62 per cent of those that share personal data use email to do so.  A quarter are using portable storage such as USBs or CDs, almost a quarter (22 per cent) use the postal system and 43 per cent use cloud based file sharing websites.   


David Juitt, chief security architect at Ipswitch, commented, “It’s encouraging to see that there is far greater awareness of the changes than at this time last year.  Just over half of businesses are starting to prepare with training courses for staff. However, whilst IT professionals recognise the need to align data protection regulation to keep up with modern data sharing practices and the globalisation of data, it is clear that compliance comes at a price for most.  Whilst many are trying to prepare by organising training and assigning resource, there’s clearly a very large expectation of a need to invest in technologies including managed file transfer systems like Ipswitch MOVEit™ that meet stringent security and compliance requirements.” 


The Ipswitch MOVEit™ managed file transfer system helps IT teams support GDPR requirements 

Protecting Personally Identifiable Information (PII)

  • Support for secure open standard transfer protocols
  • End-to-end encryption, guaranteed delivery and non-repudiation
  • Automated file management policies

  Managing PII

  • Automated file exchange
  • Managed ad hoc exchange
  • Policy based file access and data loss protection (DLP)

  Managing System Exposure

  • High availability and disaster recovery
  • Monitoring and reporting for auditing and forensics
  • Trading partner provisioning and management


*The 2015 GDPR Ipswitch survey was conducted by technology research firm Vanson Bourne during July 2015 and polled 300 IT professionals. Survey responses include 100 responses from the UK, 100 responses from France, and 100 responses from Germany.


About Ipswitch

Ipswitch helps solve complex IT problems with simple solutions. The company’s software is trusted by millions of people worldwide to monitor networks, applications and servers, and transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America. For more information, visit