Alert Logic, the leading provider of Security-as-a-Service solutions, today announced data from Crowd Research Partners’ 2018 GDPR Compliance Report that shows only seven percent of companies were on track to achieve European Union General Data Protection Regulation (GDPR) compliance by the May 25, 2018 deadline, with the majority citing lack of expert staff for their failure to comply with the newly-implemented regulation. The study finds the second and third most cited reasons for non-compliance are budgetary constraints and a limited understanding of the GDPR requirements, respectively.

The industry report, co-sponsored by Alert Logic and other cybersecurity providers, benchmarks the readiness of companies to comply with the GDPR, identifies top barriers to achieving readiness, and explores how companies are tackling compliance with the new data privacy law. The report summarizes responses from a survey of 531 information technology, cybersecurity, and compliance professionals. The results underscore the widely varying maturity levels of GDPR compliance plans across organizations—and the considerable effort they face in terms of financial costs and man-hours required to implement all the technical and organizational controls required by the GDPR.

The study also found approximately one third of companies reported they will need to make substantial changes to data security practices and systems to comply with the GDPR. Identifying and mapping user data to protected GDPR categories was the top ranked initiative for meeting GDPR compliance—cited by almost three quarters of report respondents. This was followed by evaluating, developing, and integrating solutions that enable GDPR compliance.

“We are seeing a substantial increase in organizations with strained resources, especially cyber-security staffing, who need to comply with regulations like GPDR along with PCI DSS, HIPAA & HITECH, and SOX,” said Bob Lyons, CEO, Alert Logic. “Alert Logic can help these organizations achieve compliance quickly and reduce the risk of stringent fines from GDPR non-compliance—without having to hire more people—through an integrated solution that includes robust security compliance controls and expert services.”