Most companies won’t be ready for GDPR says WinMagic

With just one month until the new EU General Data Protection Regulation Legislation (GDPR) comes into force, data security company WinMagic, has released the findings of research that suggests many companies will not be ready when it takes effect on May 25th, 2018. 62% of IT Decision Makers (ITDMs) surveyed describe themselves as ‘confident’ in the build-up, with 1 in 5 (18%) saying they are nervous.
Only half (51%) of companies say they have all the systems in place that will allow them to remove EU Citizen data from servers upon the request, including back-ups, in accordance with Articles 16 & 17 of GDPR. Worryingly, a fifth (21%) do not yet have any systems in place.
In many cases, companies lack the systems and processes to ensure compliance with the new legislation which affects all companies holding and processing EU citizen data. They must have “appropriate technical and organizational measures” in place to safeguard personal data, as well as minimize data collection, processing and storage. Non-compliance can lead to fines of €20 million or 4% of turnover, but this is far outweighed by the reputational damage that can occur from a data breach where non-compliance has heightened the risks for citizens.
Whilst 73% believe GDPR will change the way their business will operate to meet compliance, there are a number of key areas where they will fail to meet the requirements of the legislation:
Data management delays
· A quarter (25%) admitted that systems were only part implemented, and would not allow the automated removal of citizen data from back-ups
· Just 48% of data is geo-fenced so that it cannot be accidentally, or intentionally, moved out of the legal jurisdiction under which it should be
· Many ITDMs (49%) admit not always conducting security audits of the storage locations their data processing and storage partners use
Failing to encrypt data
An average 20% of the companies surveyed lack continuous encryption for personally identifiable information across their cloud and on-premises servers, despite appropriate levels of encryption and anonymisation being a requirement for GDPR compliance. Encryption also acts as a last line of defence in the event of a data breach, making data illegible when in the hands of unauthorised parties.
Continuous encryption can be complicated to implement in modern environments where infrastructure and data span both cloud and on-premises servers. Where companies lack strict security and encryption management for technologies such as virtual machines and hyper-converged infrastructure, uncontrolled data sprawl can be common, leading to silos of hidden data, and a fragmentation of governance, that leaves companies non-compliant, and at risk of heavy fines.
Poor data breach monitoring
When a data breach occurs, speed is the key element in responding to on-going attacks, but also to controlling the spread and abuse of data by cybercriminals. GDPR requires companies to report data breaches to the relevant regional authority within 72 hours of discovery, yet 41% of ITDMs believe they could not achieve this today. Perhaps more worrying is that many companies lack the tools that will identify a breach ever occurred or the data taken:
· 33% lack confidence and 6% have no confidence, that their systems would automatically identify a breach triggered by an external source.
· For internal breaches, 34% lack confidence and 6% have no confidence, that their systems would automatically identify a breach event.
· Only half (55%) believe they can precisely identify the data exposed by a breach

“Whilst companies have made general improvements in their preparations for EU General Data Protection Regulation, the survey suggests that most will not be fully compliant with the regulation when it comes into force,” said Mark Hickman, Chief Operating Officer at WinMagic. “Whilst many will have sought the necessary authorizations from EU Citizens to store their data and use it for marketing etc., they will lack the processes and protections demanded by the legislation to ensure compliance and protect personally identifiable information with which they have been entrusted. Effective control and management of the IT infrastructure spanning on-premises and cloud service providers for security and specifically encryption, will be a critical component in meeting the legislative requirements and minimizing the risks to consumers.”

For more information, please visit www.winmagic.com.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Barracuda releases ransomware research

After identifying and analysing 106 highly publicised ransomware attacks over the past 12 months, Barracuda researchers have found that the education (15%), municipality (12%), healthcare (12%), infrastructure (8%), and financial (6%) sectors are the five most targeted by adversaries.
Mark Haper

Threats to Your Physical Data Destruction Process

Mark Harper of HSM, discusses how the media focus on cyber-attacks and digital data breaches means we are in danger of neglecting our physical information security.
Mark Haper

Threats to Your Physical Data Destruction Process

Mark Harper of HSM, discusses how the media focus on cyber-attacks and digital data breaches means we are in danger of neglecting our physical information security.

Threats to Your Physical Data Destruction Process

Mark Harper of HSM, discusses how the media focus on cyber-attacks and digital data breaches means to our physical security
Axis intersec

Join Axis at Intersec 2019 and experience secure intelligent solutions

In 2018 we invited you to join us at Intersec. This year, we add another growing segment to the list – Smart Cities. So, what is new?
GRC International Group

GRC International Group brings clarity to GDPR breach reporting with the launch of GRCI Law

GRC International Group has launched GRCI Law – a new arm of the organisation designed to support organisations in all aspects of GDPR compliance.

GRC International Group brings clarity to GDPR breach reporting with the launch of GRCI Law

GRC International Group has launched GRCI Law – a new arm of the organisation designed to support organisations in all aspects of GDPR compliance.

GDPR compliance demystified with new online self-service tool

Information security specialists, Shred-it, has announced the release of a new online self-service tool designed to help businesses achieve General Data Protection Regulation (GDPR) compliance.

GDPR compliance demystified with new online self-service tool

Information security specialists, Shred-it, has announced the release of a new online self-service tool designed to help businesses achieve General Data Protection Regulation (GDPR) compliance.
Scroll to Top