Set to go into effect on May 25, 2018, GDPR requires every organization that processes the personal data of people in the EU, whether or not it is based in an EU member country, to comply with new rules governing those individuals' data privacy rights.
“With nearly 5 billion data records exposed in the past 4 years alone, there is a clear trend toward stronger protection of consumer data, and GDPR is a major first step in that direction,” said Anthony Di Bello, Senior Director, Products, Guidance Software. “This data suggests that many organizations are, on the whole, behind schedule for compliance. Security leaders must make GDPR a priority over the next year in order to avoid major financial penalties.”
Companies are not far along with GDPR planning: Only 15.7% of companies surveyed are in the advanced stages of GDPR planning, while 24% of organizations say they will not be ready by the May 2018 deadline.
Bigger companies are further along: 43% of organizations with $1 billion or more in revenues currently have processes that can identify data records of any EU citizen and determine where that data is being processed. This compares to 26.8% of organizations with less than $100 million in sales.
Top activities to be GDPR compliant:
- Use/maintain policies/procedures for the anonymization and de-identification of personal data (24.9%).
- Conduct a full audit of where EU personal data is held and processed (22.8%).
- Use US cloud repositories with encryption that meets EU requirements (21.4%).
- Evaluate all third-party operational partners that receive or access transferred personal data (21.4%).
Identifying data records of EU citizens: More than half of the companies surveyed have not yet begun to evaluate third-party products or internal development processes that could identify data records of EU citizens.
Hiring Data Protection Officers: When asked how they prioritize the recruiting and training of a qualified Data Protection Officer, 23.7% named it a high priority; 18.1% named it a medium priority; and 15.4% named it a low priority.