Prep sluggish for GDPR deadline, study finds

A new study finds most companies may not be ready for the European Union General Data Protection Regulation (EU GDPR), which becomes law May 25, 2018. The 2017 EU GDPR Readiness Report by Crowd Research Partners and STEALTHbits Technologies Inc. amassed data from 500 cybersecurity professionals who are members of LinkedIn's Information Security Community. Nearly 90 percent of organizations surveyed were familiar with the EU GDPR, but only 32 percent considered themselves compliant or nearly compliant, researchers noted.

"This survey reveals that while over 90 percent of the respondents indicated familiarity with the EU GDPR, less than a third believe they are compliant or well on their way to compliance," said Holger Schulze, Chief Executive Officer at Crowd Research Partners, and founder of the Information Security Community on LinkedIn. "What is striking in this study is the marked contrast in level of preparedness and awareness between companies headquartered in the US and the European Union.

Security overhaul needed

As companies scramble to meet the fast-approaching deadline, 30 percent of survey respondents indicated that they would be making substantial changes to their security practices and technologies to conform to GDPR guidelines. Their top challenges were finding ways to address budgetary deficits (32 percent), hiring experts (28 percent) and ensuring that all staff fully understands the regulatory requirements (29 percent), according to the report. Approximately 65 percent of participants have a Data Protection Officer on staff or plan to hire one.

Adam Laub, Senior Vice President of Product Marketing at STEALTHbits Technologies, said the upcoming regulation is prompting numerous organizations to prioritize privacy best practices. "We would encourage organizations to review this report carefully to understand the perspectives of their peers and gain insight into some of the challenges involved in GDPR conformance," he stated.

Implementation begins

Researchers noted the GDPR's anticipated regulatory impact will vary by industry, depending on the amount of personally identifiable customer information that businesses collect. They found that participants have identified multiple avenues within their corporate networks that will need to become compliant. Many are taking an inventory of user data and mapping it to protected EU GDPR categories in the following ways:

• Applications and database management: 31 percent have enabled default data privacy settings in apps and databases.
• Data record audit trails: 28 percent have audited data records to identify possible "rogue" data records with personal information.
• Enable individual user rights: 28 percent are evaluating ways to enable users to control their data rights and settings.
• Customize solutions: 26 percent are identifying and integrating internally developed solutions.
• Third-party solutions: 24 percent are identifying and integrating external compliance applications.
• Stress-testing: 17 percent are stress-testing the resilience and performance of developing GDPR solutions.

Bracing for global impact

Tony Fulda, Managing Director of Strategic Advisory Services for San Jose, Calif.-based AppSec Consulting Inc., said companies that work with European firms or have employees, partners or customers in the European Union, will face termination and noncompliance penalties if they fail to implement EU GDPR guidelines for collecting and managing Personally identifiable information on or before the May 2018 deadline.

"Our consulting team has been advising clients on how to best meet or exceed GDPR's new requirements and build out a sustainable and appropriate privacy program," he stated. "An expanding number of organizations are getting in front of these new requirements as a good business practice, as well as to mitigate the risk of leaking private personal information by human error or cyber-attack."

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.