Alert Logic survey finds only 5% of EU companies believe they are compliant with GDPR
The survey results show that while most of the surveyed companies (77%) are familiar with the EU General Data Protection Regulation (GDPR), only 5% believe they are compliant with all applicable requirements less than a year before the regulation goes into effect. A further 27% were not confident they will be ready by the time GDPR is enforceable in May 2018.
The European Union General Data Protection Regulation (EU GDPR) goes into effect on May 25, 2018 representing a sweeping change in data privacy regulations. EU GDPR requires organisations that host data on European citizens to adhere to specific regulations that protect their personal data from being compromised. If companies suffer a data breach, they can be fined up to €20 million or 4% of turnover, whichever is greater.
Survey respondents were asked what challenges their company faces in becoming compliant with EU GDPR regulations. The most frequently mentioned challenge is a lack of budget (50%), closely followed by a lack of in-house IT expertise (48%) and limited understanding of the regulations (37 %).
“Among the many articles of GDPR, EU companies are most concerned about Article 25, ‘Data protection by design and by default,’ likely because it requires significant system re-design and investment in data protection controls and processes,” commented Oliver Pinson-Roxburgh, EMEA director at Alert Logic.
While the majority of those surveyed (61%) stated they have a formal process in place to notify authorities in the event of a data breach, only 39% confirmed that they always follow this process.
In terms of the enforcement of GDPR, the survey also revealed that approximately one third of EU-based companies (32%) expect substantial changes to their companies’ security practices and technologies in order to become compliant with EU GDPR policies. Moreover, a further third of organisations expect that regulators will issue a significant number of fines to companies found to be non-compliant; however, 42% expect that only a few organisations will be fined for non-compliance.
“Complying with GDPR is not straightforward. It will require detailed planning and collaboration with all the businesses in your chain, as well as an efficient, solutions-based approach to breach detection,” said Pinson-Roxburgh. “Security-as-a-Service providers can speed detection and response by drawing from huge pools of data and dedicating threat detection and analyst teams to assess potential incidents and recommend remediation.”
24×7 security monitoring coupled with market-leading security technology and innovation enables companies to detect more complex attacks, reducing the chances of a cyber criminal hacking a business’ IT infrastructure. Additionally, the ability to gain immediate knowledge of attacks during a breach can assist in an incident response plan and provide evidence to support audit and compliance.
“The age of hoping that breaches don’t happen is beyond us; the intent of these regulations and standards are to help companies improve security, reduce the time to detection and be proactive in identifying as well as protecting their sensitive data,” Pinson-Roxburgh concluded.
To find out more, please read our “Brexit Won’t Get UK Out of General Data Protection (GDPR) Compliance) blog, watch the “Assess Your GDPR Cloud Security Readiness” webinar, or download the GDPR – Compliance in the EU report.