Over 50% Firms Unprepared For Data Protection Regulation: Veritas
According to a study by Veritas Technologies, more than half of all business are yet to take any steps to meet parameters of the General Data Protection Regulation (GDPR). Due to this situation, there could be well be multiple fines imposed on them, over the next 18 months. Intended to harmonize data security, retention and governance legislation across European Union (EU) member states, GDPR requires greater oversight of where and how sensitive data, including personal, credit card, banking and health information, is stored and transferred, and how access to it is policed and audited by organizations.
GDPR will not only affect companies within the EU, but extend globally to the U.S. and other countries, impacting any company that conducts business in the region or with an EU organization.
The research findings from The Global Databerg Report,which surveyed more than 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the U.S. and Asia Pacific, reveal 54% of organizations have not advanced their GDPR compliance readiness. With a quarter of the EU’s grace period over before the legislation takes effect in May 2018, the responses bring into focus a number of operational, compliance and planning issues, in particular the ownership of GDPR processes and the ability to implement data cleansing policies and end of life requirements.
The study was conducted for Veritas by research firm Vanson Bourne to investigate how organizations store and manage their data, highlighting attitudes and behaviors that are fueling an unprecedented data explosion.
Unclear Executive Ownership of GDPR
Findings from the research revealed a lack of preparedness for GDPR and confusion over who is ultimately responsible for its adherence and compliance. Almost one third, or 32%, of survey respondents believe the Chief Information Officer is responsible for GDPR, compared to 21% for the Chief Information Security Officer, 14% for the Chief Executive Officer and 10 percent for the Chief Data Officer.
According to the survey, those individuals responsible for implementing a GDPR process also face a variety of risks if data is not handled properly. Just under one third, or 31%, of respondents were worried about reputational damage to their organizations from poor data policies, while almost 40% were fearful of a major compliance failing within their business.
Data Pressure Points
Fragmentation of data and loss of visibility are among the biggest data challenges organizations face, making it more difficult to comply with GDPR regulations. An estimated 35% of those surveyed flagged this issue as their biggest concern. In particular, the rise of unmanaged cloud-based file storage and consumer file-sharing services in the enterprise raised fears about future compliance issues. A quarter of respondents admitted to using cloud-based services, such as Box, Google Drive, Dropbox, EMC Simplicity or Microsoft OneDrive, against their current company policies. Another 25% reported running unrecognized off-site file storage services, making it even harder for IT departments to manage their use with recognized tools.
In addition to the storage challenges, respondents pointed to perceived risk factors that any security and regulatory compliance must address. Over one half, or 52%, of respondents said they were concerned about the threat of data loss from the business, with 48% particularly concerned about data being lost in transit between sites and systems. Four in 10 respondents were also concerned about employees mishandling data and undermining compliance efforts in the process.
The Right to be Forgotten
With GDPR, businesses must analyze and act on legitimate requests from individuals to have their data purged by organizations if it is no longer relevant or necessary. However, the combination of data fragmentation and unstructured data hoarding within organizations makes it almost impossible for companies to comply with these requests. The lack of visibility into dark data and information held outside of corporate IT systems complicates compliance and exposes organizations to substantial financial and legal risk. These and other GDPR compliance failures carry a harsh financial cost for businesses: a maximum fine of €20 million ($22.3 million) or up to four percent of worldwide revenue, whichever is higher.
“GDPR is the most significant change to data protection in a generation and an imminent global issue that will dominate data privacy, management and regulation discussions in 2017,” said Mike Palmer, Executive Vice President and Chief Product Officer, Veritas. “To avoid potential regulatory fines or worse, damage to their corporate brands and reputations, global enterprises must take action now to understand where their data resides and how to protect it.”
- Cyber Security Predictions For 2018
- SpiderOak CEO Warns Of 10 Cybersecurity Threats For 2018
- Uber Data Breach: Accountability, Corporate Ethics In Question
- 4 Big Data Trends To Watch In 2018
- Customer-Facing Web, Mobile Apps Pose Highest Security Risk: Study
- Stratus Unveils Edge Computing Strategy
- 70% Consumers Stop Following A Business After Data Breach: Study
- Big Data Gaining Grounds In Precision Medicine
- CISOs, Beware Of Crime-as-a-Service, IoT Threats In 2018
- Ericsson Forecasts 1 Billion 5G Subscriptions By 2023