37 percent of respondents have reported an incident to the Information Commissioner in the past 12 months, with 17 percent having done so more than once. Broken down by company size, 53 percent of mid-size companies have reported a breach, compared to 36 percent of small companies and 23 percent of enterprise organisations.

Previous GDPR surveys have revealed that 30 percent of European businesses are not confident they are GDPR-compliant, suggesting the UK private sector is performing worse than its European counterparts. 35 percent of companies said GDPR compliance was top of the agenda in the build-up to the May 2018 deadline but has since slipped down their list of priorities, despite the hefty and high-profile fines recently issued to Marriott and British Airways for non-compliance.
“Although the authority’s announcement that it intends to fine British Airways and Marriott such staggering sums sent shockwaves through the security community, it is concerning only 6% of organisations have taken action to avoid the full potential of the legislation,” said Tony Pepper, CEO at Egress.
“These announcements should definitely have acted as a clearer warning that organisations cannot risk compliance complacency.”

The largest area of compliance investment has been new processes around the handling of sensitive data (28 percent), followed by data collection auditing (18 percent), recruitment of a Data Protection Officer and other compliance personnel (18 percent), and new technology (18 percent). Fewer than one in ten said user education and training had been their biggest area of investment.
“It’s positive to see that almost one-fifth (17%) of respondents are looking to technology as a way to mitigate breaches, but they must ensure these solutions tackle human error as the root cause of many of these incidents,” Pepper added.

GDPR was introduced to give European citizens more control over, and access to, the personal data collected from them by organisations, alongside greater transparency and the threat of larger fines for those in breach of the rules. Between May 25 2018, the day GDPR came into force, and the beginning of May this year, the Information Commissioner’s Office received a total of 14,072 data breach notifications.
Written by James Orme 12 hours ago