GDPR – Two Thirds of Organisations Aren’t Ready

Uploaded on 2018-03-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

People across Europe are set to gain additional control over their personal information from new legislation, but with just under three months until it comes into force, two thirds of organisations aren't prepared for the General Data Protection Regulation (GDPR) 'right to be forgotten'.

The European Union-led data protection reforms officially come into force from May 25 2018 and aims to simplify the regulatory environment around data to help consumers and businesses in the digital economy.

At its heart, GDPR is designed to provide regulations on how information on residents across the EU is collected, stored, used, processed, transferred and deleted by organisations.

However, despite non-compliance to these rules potentially involving a fine of €20 million, or even 4% of a company's global turnover, confusion still reigns over what the 'right to be forgotten' actually means in practice.

According to research by big data application provider Solix, two thirds of organisations are unsure if an individual's personal information is purged from all systems, forever. Meanwhile. just 43 percent of organisations have any defined process for methodical deletion of records and confirmation checks.

That could lead to problems if an individual asks to be forgotten and the request isn't carried out - potentially leading to the large fines.

Solix's research also found that 82 percent of organisations don't know where their most sensitive personal data is stored, with only 55 percent maintaining audit trails for data consents, collections updates, and deletion. All of this could lead to organisations being deemed non-GDPR compliant.

"It's clear that the majority of organisations are not currently prepared to meet GDPR requirements," said John Ottman, Executive Chairman of Solix Technologies. "There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."

An analysis by Forrester found that just a quarter of organisations across Europe are thought to be GDPR compliant already, with significant numbers of organisations unsure about what they need to do about GDPR, with some even being unaware of it completely.

In addition to this recent UK government report suggested that under half of businesses are aware of the upcoming GDPR laws or what they mean for information security is handled.

Organisations of all sizes in all sectors find themselves having to prepare for GDPR, with local government one of many sectors which need to comply. A newly released report by the Parliament Street think tank has described GDPR as "a major challenge for the way UK local authorities approach data security policies and handle public information".

Figures released following a freedom of information request by the think tank suggest London boroughs have spent over £1.2 million in an effort to prepare for GDPR, but there's a large disparity between budgets being set aside.

At the highest end, Tower Hamlets has set aside £300,000 for GDPR compliance, while Houslow, has set aside the lowest amount, just £1,000 has been spent on staff training and materials, with an additional £4,000 set aside for the rest of the year.

The report recommends that GDPR compliance across London could me made simpler if the boroughs shared responses.

"The sharing of GDPR consultants, sharing of data management policies and implementation strategies will in turn reduce costs and create a more efficient example of local government in action," says the paper.

To contact the GDPR Advisory Board please visit:  www.gdpr-board.co.uk

ZDNet

You Might Also Read:

GDPR-Regulated Data Is Lurking In Unexpected Places:

Your Questions Answered By The GDPR Advisory Board:

 

 

 

« Cyberbullying Attacks the Young
Which Phishing Messages Have A Near 100% Click Rate? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Quantivate

Quantivate

Quantivate is a provider of web-based Governance, Risk, and Compliance (GRC) software and service solutions.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

Scantist

Scantist

Scantist is a cyber-security spin-off from Nanyang Technological University (Singapore) which leverages its expertise to provide vulnerability management solutions to enterprise clients.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Prelude Research

Prelude Research

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

SafeBase

SafeBase

Safebase provide the infrastructure for Trust Communication. Our Trust Center enables Security and Sales teams to share and automate access to security, compliance, and privacy information.

Defence Innovation Accelerator for the North Atlantic (DIANA)

Defence Innovation Accelerator for the North Atlantic (DIANA)

The NATO DIANA accelerator programme is designed to equip businesses with the skills and knowledge to navigate the world of deep tech, dual-use innovation.

APIsentry

APIsentry

APIsentry is a leading provider of comprehensive API security solutions, specializing in protecting organizations from a wide range of cyber threats targeting their Application Programming Interfaces.

One Step Secure IT

One Step Secure IT

One Step provide Managed IT Services, Cybersecurity Protections, and Compliance to businesses in the USA nationwide.