GDPR – Two Thirds of Organisations Aren’t Ready

Uploaded on 2018-03-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

People across Europe are set to gain additional control over their personal information from new legislation, but with just under three months until it comes into force, two thirds of organisations aren't prepared for the General Data Protection Regulation (GDPR) 'right to be forgotten'.

The European Union-led data protection reforms officially come into force from May 25 2018 and aims to simplify the regulatory environment around data to help consumers and businesses in the digital economy.

At its heart, GDPR is designed to provide regulations on how information on residents across the EU is collected, stored, used, processed, transferred and deleted by organisations.

However, despite non-compliance to these rules potentially involving a fine of €20 million, or even 4% of a company's global turnover, confusion still reigns over what the 'right to be forgotten' actually means in practice.

According to research by big data application provider Solix, two thirds of organisations are unsure if an individual's personal information is purged from all systems, forever. Meanwhile. just 43 percent of organisations have any defined process for methodical deletion of records and confirmation checks.

That could lead to problems if an individual asks to be forgotten and the request isn't carried out - potentially leading to the large fines.

Solix's research also found that 82 percent of organisations don't know where their most sensitive personal data is stored, with only 55 percent maintaining audit trails for data consents, collections updates, and deletion. All of this could lead to organisations being deemed non-GDPR compliant.

"It's clear that the majority of organisations are not currently prepared to meet GDPR requirements," said John Ottman, Executive Chairman of Solix Technologies. "There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."

An analysis by Forrester found that just a quarter of organisations across Europe are thought to be GDPR compliant already, with significant numbers of organisations unsure about what they need to do about GDPR, with some even being unaware of it completely.

In addition to this recent UK government report suggested that under half of businesses are aware of the upcoming GDPR laws or what they mean for information security is handled.

Organisations of all sizes in all sectors find themselves having to prepare for GDPR, with local government one of many sectors which need to comply. A newly released report by the Parliament Street think tank has described GDPR as "a major challenge for the way UK local authorities approach data security policies and handle public information".

Figures released following a freedom of information request by the think tank suggest London boroughs have spent over £1.2 million in an effort to prepare for GDPR, but there's a large disparity between budgets being set aside.

At the highest end, Tower Hamlets has set aside £300,000 for GDPR compliance, while Houslow, has set aside the lowest amount, just £1,000 has been spent on staff training and materials, with an additional £4,000 set aside for the rest of the year.

The report recommends that GDPR compliance across London could me made simpler if the boroughs shared responses.

"The sharing of GDPR consultants, sharing of data management policies and implementation strategies will in turn reduce costs and create a more efficient example of local government in action," says the paper.

To contact the GDPR Advisory Board please visit:  www.gdpr-board.co.uk

ZDNet

You Might Also Read:

GDPR-Regulated Data Is Lurking In Unexpected Places:

Your Questions Answered By The GDPR Advisory Board:

 

 

 

« Cyberbullying Attacks the Young
Which Phishing Messages Have A Near 100% Click Rate? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Thales

Thales

Thales provides solutions, services and products that help its customers in the defence, aeronautics, space, transportation and digital identity and security markets to fulfil their critical missions.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

Cybersec Infohub

Cybersec Infohub

Cybersec Infohub is a Hong Kong government programme to enhance the exchange of cyber security information with industry and enterprises to jointly defend against cyber attacks.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

Newberry Group

Newberry Group

The Newberry Group provides comprehensive IT services and solutions that optimize operations, minimize risk and deliver measurable business value.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

Cyber Security Works (CSW)

Cyber Security Works (CSW)

Cyber Security Works is your organization’s early cybersecurity warning system to help prevent attacks before they happen.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

CYGNVS

CYGNVS

CYGNVS is a guided cyber crisis response platform providing anytime, anyplace access. A SaaS platform for cyber crisis management – a safe way to connect and control your response.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Northern Computer

Northern Computer

Northern Computer provides comprehensive IT solutions that streamline your operations and help you achieve your business goals.