78 per cent of UK enterprises still not in a GDPR state of mind

Majority of UK businesses with 5,000+ employees are still concerned about GDPR and have work to do before they are fully compliant.

  • 7 years ago Posted in
A new report from CA Technologies reveals that only just over a quarter (28%) of large businesses in the UK have started preparing for the European General Data Protection Regulation (GDPR), which comes into force in May 2018.
 
And, only 22 per cent are completely prepared and waiting to get started, according to decision makers. Preparations are unlikely to be simple; GDPR is set to ramp up the legal data privacy rights of customers, specifically with personal data being extended to include social media posts, photographs, transaction histories and IP addresses and more. Yet when asked about the safe storage of sensitive and personally identifiable data (PII), almost one in five respondents (18%) were not confident that it was stored in places where only their organisation could access it. In addition, a third (34%) are not yet able to detect PII and other sensitive data during development.
 
Conversely, the respondents cited confidence in board-level awareness of GDPR and ability to act. The majority of business leaders questioned (89%) were confident about their board’s readiness, with 57 per cent boasting “very” and “reasonable” levels of confidence.
 
“Larger businesses may well receive more attention from the public on GDPR compliance. They are likely to hold more sensitive data and have higher profits than their smaller counterparts, so the regulators will be watching closely,” Rob Coleman, UKI CTO at CA Technologies commented. “There’s a worrying disparity between confidence in the board’s preparedness and actual readiness to act when we look at the specifics around storage, security and development. GDPR needs to be embedded into every single element of the business, with programmes represented by each unit of the organisation; including HR, finance, legal and IT.”
 
Critical to GDPR compliance is secure storage of data and appropriate access. While 54% indicate they are “reasonably” (25%) or “quite” (29%) confident, only a quarter (27%) of respondents are “very confident” that all sensitive data and PII can only be accessed from within the organisation. Denying access to former employees when they leave the business is essential to this, but only 23% revoke access within minutes, and a worrying 3% can take a year or longer.
 
“There is an opportunity for organisations to do better when it comes to handling sensitive data,” adds Coleman. “GDPR won’t be letting security breaches sit unnoticed. UK businesses need to move fast to ensure that they are compliant, and that more importantly, that they are delivering the high level of security and service that their customers expect in today’s application economy.”
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...