GDPR – Two Thirds of Organisations Aren’t Ready

People across Europe are set to gain additional control over their personal information from new legislation, but with just under three months until it comes into force, two thirds of organisations aren't prepared for the General Data Protection Regulation (GDPR) 'right to be forgotten'.

The European Union-led data protection reforms officially come into force on May 25 2018 and aim to simplify the regulatory environment around data to help consumers and businesses in the digital economy.

At its heart, GDPR is designed to provide regulations on how information on residents across the EU is collected, stored, used, processed, transferred and deleted by organisations.

However, despite non-compliance with these rules potentially involving a fine of €20 million, or even 4% of a company's global turnover, confusion still reigns over what the 'right to be forgotten' actually means in practice.

According to research by big data application provider Solix, two thirds of organisations are unsure if an individual's personal information is purged from all systems, forever. Meanwhile, just 43 percent of organisations have any defined process for methodical deletion of records and confirmation checks.

That could lead to problems if an individual asks to be forgotten and the request isn't carried out - potentially leading to the large fines.

Solix's research also found that 82 percent of organisations don't know where their most sensitive personal data is stored, with only 55 percent maintaining audit trails for data consents, collections updates, and deletion. All of this could lead to organisations being deemed non-GDPR compliant.

"It's clear that the majority of organisations are not currently prepared to meet GDPR requirements," said John Ottman, Executive Chairman of Solix Technologies. "There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."

An analysis by Forrester found that just a quarter of organisations across Europe are thought to be GDPR compliant already, with significant numbers of organisations unsure about what they need to do about GDPR, with some even being unaware of it completely.

In addition to this, a recent UK government report suggested that under half of businesses are aware of the upcoming GDPR laws or what they mean for how information security is handled.

Organisations of all sizes in all sectors find themselves having to prepare for GDPR, with local government one of many sectors which need to comply. A newly released report by the Parliament Street think tank has described GDPR as "a major challenge for the way UK local authorities approach data security policies and handle public information".

Figures released following a freedom of information request by the think tank suggest London boroughs have spent over £1.2 million in an effort to prepare for GDPR, but there's a large disparity between budgets being set aside.

At the highest end, Tower Hamlets has set aside £300,000 for GDPR compliance, while Hounslow has set aside the lowest amount: just £1,000 has been spent on staff training and materials, with an additional £4,000 set aside for the rest of the year.

The report recommends that GDPR compliance across London could be made simpler if the boroughs shared responses.

"The sharing of GDPR consultants, sharing of data management policies and implementation strategies will in turn reduce costs and create a more efficient example of local government in action," says the paper.

To contact the GDPR Advisory Board please visit:  www.gdpr-board.co.uk

ZDNet
