GDPR – Two Thirds of Organisations Aren’t Ready

Uploaded on 2018-03-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

People across Europe are set to gain additional control over their personal information from new legislation, but with just under three months until it comes into force, two thirds of organisations aren't prepared for the General Data Protection Regulation (GDPR) 'right to be forgotten'.

The European Union-led data protection reforms officially come into force from May 25 2018 and aims to simplify the regulatory environment around data to help consumers and businesses in the digital economy.

At its heart, GDPR is designed to provide regulations on how information on residents across the EU is collected, stored, used, processed, transferred and deleted by organisations.

However, despite non-compliance to these rules potentially involving a fine of €20 million, or even 4% of a company's global turnover, confusion still reigns over what the 'right to be forgotten' actually means in practice.

According to research by big data application provider Solix, two thirds of organisations are unsure if an individual's personal information is purged from all systems, forever. Meanwhile. just 43 percent of organisations have any defined process for methodical deletion of records and confirmation checks.

That could lead to problems if an individual asks to be forgotten and the request isn't carried out - potentially leading to the large fines.

Solix's research also found that 82 percent of organisations don't know where their most sensitive personal data is stored, with only 55 percent maintaining audit trails for data consents, collections updates, and deletion. All of this could lead to organisations being deemed non-GDPR compliant.

"It's clear that the majority of organisations are not currently prepared to meet GDPR requirements," said John Ottman, Executive Chairman of Solix Technologies. "There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."

An analysis by Forrester found that just a quarter of organisations across Europe are thought to be GDPR compliant already, with significant numbers of organisations unsure about what they need to do about GDPR, with some even being unaware of it completely.

In addition to this recent UK government report suggested that under half of businesses are aware of the upcoming GDPR laws or what they mean for information security is handled.

Organisations of all sizes in all sectors find themselves having to prepare for GDPR, with local government one of many sectors which need to comply. A newly released report by the Parliament Street think tank has described GDPR as "a major challenge for the way UK local authorities approach data security policies and handle public information".

Figures released following a freedom of information request by the think tank suggest London boroughs have spent over £1.2 million in an effort to prepare for GDPR, but there's a large disparity between budgets being set aside.

At the highest end, Tower Hamlets has set aside £300,000 for GDPR compliance, while Houslow, has set aside the lowest amount, just £1,000 has been spent on staff training and materials, with an additional £4,000 set aside for the rest of the year.

The report recommends that GDPR compliance across London could me made simpler if the boroughs shared responses.

"The sharing of GDPR consultants, sharing of data management policies and implementation strategies will in turn reduce costs and create a more efficient example of local government in action," says the paper.

To contact the GDPR Advisory Board please visit:  www.gdpr-board.co.uk

ZDNet

You Might Also Read:

GDPR-Regulated Data Is Lurking In Unexpected Places:

Your Questions Answered By The GDPR Advisory Board:

 

 

 

« Cyberbullying Attacks the Young
Which Phishing Messages Have A Near 100% Click Rate? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Huawei

Huawei

Huawei is a leading global ICT solutions provider. with end-to-end capabilities across the carrier networks, enterprise, consumer, and cloud computing fields.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Radisys

Radisys

Radisys offers software, products, integrated systems, and professional services for communication service providers and telecom solution vendors.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

InteliSecure

InteliSecure

InteliSecure offer Professional Services, Security Assessments and Managed Services for data and threat protection.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

InfusionPoints

InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Liminal

Liminal

Liminal is a boutique strategy advisory firm serving digital identity, fintech, and cybersecurity clients, and the private equity / venture capital community.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

Awareness Software Limited (ASL)

Awareness Software Limited (ASL)

As Hosting Specialists, Awareness Software offer practical and affordable hosting solutions including backup and disaster recovery and a range of cybersecurity services.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.