GDPR – Two Thirds of Organisations Aren’t Ready

Uploaded on 2018-03-07 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Law

People across Europe are set to gain additional control over their personal information from new legislation, but with just under three months until it comes into force, two thirds of organisations aren't prepared for the General Data Protection Regulation (GDPR) 'right to be forgotten'.

The European Union-led data protection reforms officially come into force from May 25 2018 and aims to simplify the regulatory environment around data to help consumers and businesses in the digital economy.

At its heart, GDPR is designed to provide regulations on how information on residents across the EU is collected, stored, used, processed, transferred and deleted by organisations.

However, despite non-compliance to these rules potentially involving a fine of €20 million, or even 4% of a company's global turnover, confusion still reigns over what the 'right to be forgotten' actually means in practice.

According to research by big data application provider Solix, two thirds of organisations are unsure if an individual's personal information is purged from all systems, forever. Meanwhile. just 43 percent of organisations have any defined process for methodical deletion of records and confirmation checks.

That could lead to problems if an individual asks to be forgotten and the request isn't carried out - potentially leading to the large fines.

Solix's research also found that 82 percent of organisations don't know where their most sensitive personal data is stored, with only 55 percent maintaining audit trails for data consents, collections updates, and deletion. All of this could lead to organisations being deemed non-GDPR compliant.

"It's clear that the majority of organisations are not currently prepared to meet GDPR requirements," said John Ottman, Executive Chairman of Solix Technologies. "There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."

An analysis by Forrester found that just a quarter of organisations across Europe are thought to be GDPR compliant already, with significant numbers of organisations unsure about what they need to do about GDPR, with some even being unaware of it completely.

In addition to this recent UK government report suggested that under half of businesses are aware of the upcoming GDPR laws or what they mean for information security is handled.

Organisations of all sizes in all sectors find themselves having to prepare for GDPR, with local government one of many sectors which need to comply. A newly released report by the Parliament Street think tank has described GDPR as "a major challenge for the way UK local authorities approach data security policies and handle public information".

Figures released following a freedom of information request by the think tank suggest London boroughs have spent over £1.2 million in an effort to prepare for GDPR, but there's a large disparity between budgets being set aside.

At the highest end, Tower Hamlets has set aside £300,000 for GDPR compliance, while Houslow, has set aside the lowest amount, just £1,000 has been spent on staff training and materials, with an additional £4,000 set aside for the rest of the year.

The report recommends that GDPR compliance across London could me made simpler if the boroughs shared responses.

"The sharing of GDPR consultants, sharing of data management policies and implementation strategies will in turn reduce costs and create a more efficient example of local government in action," says the paper.

To contact the GDPR Advisory Board please visit:  www.gdpr-board.co.uk

ZDNet

You Might Also Read:

GDPR-Regulated Data Is Lurking In Unexpected Places:

Your Questions Answered By The GDPR Advisory Board:

 

 

 

« Cyberbullying Attacks the Young
Which Phishing Messages Have A Near 100% Click Rate? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

C2B2 Consulting

C2B2 Consulting

C2B2 are experts in middleware support and consultancy. We specialise in ensuring scalability, performance and security of large scale systems.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Gula Tech Adventures

Gula Tech Adventures

Gula Tech Adventures invests in companies and nonprofits that help close the gap in needed technology and workforce to defend the country in cyberspace.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

Oxeye

Oxeye

Oxeye fills the gap between cloud and code to show exploitable vulnerabilities, and their path from API to code. More visibility. Less noise. More time to build.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

Unit 42

Unit 42

Unit 42 brings together world-renowned threat researchers, incident responders and security consultants to create an intelligence-driven, response-ready organization.

Boltonshield

Boltonshield

Boltonshield provide a unique and proactive approach to cyber defence with managed security services, integrated technologies, and a team of security experts, ethical hackers and analysts.