The European Union General Data Protection Regulation (EU GDPR) goes into effect on May 25, 2018 representing a sweeping change in data privacy regulations. EU GDPR requires organisations that host data on European citizens to adhere to specific regulations that protect their personal data from being compromised. If companies suffer a data breach, they can be fined up to ˆ20 million or 4 percent of turnover, whichever is greater.
Survey respondents were asked what challenges their company faces in becoming compliant with EU GDPR regulations. The most frequently mentioned challenge is a lack of budget (50 percent), closely followed by a lack of in-house IT expertise (48 percent) and limited understanding of the regulations (37 percent).
“Among the many articles of GDPR, EU companies are most concerned about Article 25, ‘Data protection by design and by default,’ likely because it requires significant system re-design and investment in data protection controls and processes,” commented Oliver Pinson-Roxburgh, EMEA Director at Alert Logic.
While the majority of those surveyed (61 percent) stated they have a formal process in place to notify authorities in the event of a data breach, only 39 percent confirmed that they always follow this process.
In terms of the enforcement of GDPR, the survey also revealed that approximately one third of EU-based companies (32 percent) expect substantial changes to their companies’ security practices and technologies in order to become compliant with EU GDPR policies. Moreover, a further third of organisations expect that regulators will issue a significant number of fines to companies found to be non-compliant; however, 42 percent expect that only a few organisations will be fined for non-compliance.
“Complying with GDPR is not straightforward. It will require detailed planning and collaboration with all the businesses in your chain, as well as an efficient, solutions-based approach to breach detection,” said Pinson-Roxburgh. “Security-as-a-Service providers can speed detection and response by drawing from huge pools of data and dedicating threat detection and analyst teams to assess potential incidents and recommend remediation.”
24x7 security monitoring coupled with market-leading security technology and innovation enables companies to detect more complex attacks, reducing the chances of a cyber criminal hacking a business’ IT infrastructure. Additionally, the ability to gain immediate knowledge of attacks during a breach can assist in an incident response plan and provide evidence to support audit and compliance.
“The age of hoping that breaches don’t happen is beyond us; the intent of these regulations and standards are to help companies improve security, reduce the time to detection and be proactive in identifying as well as protecting their sensitive data,” Pinson-Roxburgh concluded.
