European businesses are still unsure about GDPR – almost 78% of IT decision makers at more than 700 European companies either lacked understanding about the impact of the regulation on their organizations or were completely unaware of it. However, encryption, which is addressed by the GDPR, is desired by more than every third company in a new IDC survey.
“63% of confirmed data breaches are attributed to stolen or cracked passwords, indicating the critical need for an additional or alternative authentication factor… Anonymization of data is one option, encryption is another; both have pros and cons. Anonymization is good, but can be defeated by correlation from more sources. Encryption resolves that but – at least until recently – was seen as too complex and expensive for most small and medium-sized enterprises,” says IDC Research Manager Mark Child.
“Protecting customers and partners is of course paramount to the continued success and survival of any entity, however companies also increasingly recognize the business value of their data and are aware of the expanding legislative frameworks they must comply with and the penalties levied for failing to do so,” adds Child.
Still, the ground-breaking EU regulation is not completely understood by business. Of those that are aware of the GDPR, 20% say they are already compliant, 59% say they are working on it, and 21% say they are not prepared at all. IDC carried out its survey among IT professionals in more than 700 businesses in the Czech Republic, Germany, Italy, the Netherlands, Slovakia, Spain and the United Kingdom during Q4 of 2016.
Another interesting finding is the approach of European small and medium-sized enterprises towards encryption. “Many organizations recognize that their existing antimalware software is insufficient in the current threat environment, and half of respondents cited this as their top area to add to or upgrade,” says IDC’s Child. Encryption, which is mentioned in the GDPR regulation, is desired by 36% of the respondents.