
Majority of organisations that think they're GDPR compliant actually aren't

27 July 2017

This has fueled data growth at an unprecedented rate and increased risks to business, especially in the legal aspects of adopting new technology and ensuring compliance with data protection regulations.

According to findings, nearly one-third (31%) of respondents said that their enterprise already conforms to the legislation's key requirements.

Only 31% of respondents said they had governance sponsorship for GDPR at board level, while just 9% said their compliance departments were giving them full support. Veritas reported that on closer inspection, only two percent appear to actually be in compliance. A majority of them (61%) also admitted that it would be hard for them to comply with GDPR's mandatory requirement of reporting a personal data breach within 72 hours of awareness. However, Veritas' research shows many organizations that stated they already are in compliance will not be able to search, find and erase personal data if the "right to be forgotten" principle is exercised.

All the above issues would make companies non-compliant with the EU's GDPR, which could attract a 20 million euro fine or up to 4% of the company's global annual revenue (whichever is greater).

Half of the organizations that claimed compliance also kept allowing former employees access to their systems, even though this is often the cause of data breaches. These findings highlight that even the most confident organizations struggle to control former employee access and are potentially susceptible to attacks.

It is practically impossible to avoid seeing the avalanche of warnings about the General Data Protection Regulation (GDPR) coming into force next year.

Of the organisations that believe they are GDPR-ready, one-fifth (18%) admitted that personal data cannot be purged or modified. Second, the new system, process, service, etc. must include choices for the individual on how much personal data they wish to share.

Storage is also a key problem area, with more than a third (35 percent) citing ensuring that data is stored securely, whether on premises or in the cloud, as their biggest challenge and the issue most likely to keep them awake at night.

"With severe sanctions in play from the outset of GDPR's introduction, we believe there will be an impact on how companies approach their mobile strategy, in particular, their willingness to continue to support a BYOD (Bring Your Own Device) or COPE (Corporate Owned, Personally Enabled) strategy".


There exists a common misunderstanding among organisations regarding the responsibility of data held in cloud environments.

Companies fear that the European Union's forthcoming ePrivacy Regulation may set rules for processing communications data that are out of step with the standards laid out in the bloc's upcoming General Data Protection Regulation (GDPR), privacy professionals told Bloomberg BNA.

The location of data processing equipment is no longer a determining factor - i.e., worldwide businesses cannot avoid the application of the GDPR by locating processing equipment outside the EU. This perceived false sense of protection could lead to serious repercussions once the GDPR is enacted. However, the GDPR will significantly harmonise the current national data protection laws across the EU. However, the latest findings show confusion over what's needed to comply with the regulation's mandatory provisions.

"With regulations like the GDPR you have to understand what data you have in your organization". But you must also know how to take action on it and how to classify it so that policy can be applied accordingly. The business (a data controller) wishing to collect and utilise the data must clearly explain the uses to which the data is to be put and will be required to provide evidence that their processes are compliant and followed in each case.

The GDPR is meant to harmonise data privacy and protection mandates across European Union (EU) member states.

In the absence of a relevant decision by the European Commission, the transfer of data to a third country without the need for the data protection authority's consent may take place only if adequate safeguards are provided, such as the use of Binding Corporate Rules (BCR) approved by the competent authority for the protection of personal data (a solution particularly favorable for worldwide corporations) or standard contractual clauses adopted by the European Commission (controller-controller or controller-processor clauses) or the use of an approved code of conduct or certification mechanism. The likelihood of such scenarios has prompted technology evangelists like Nandan Nilekani to press for an immediate creation of stringent data protection laws. The Integrated Classification Engine is available now in Veritas Data Insight 6.0, and will be available with Veritas Enterprise Vault 12.2 in August.

If the answer to any of those queries is yes, then GDPR compliance is a must. New start-ups will disrupt incumbents and privacy by design will drive competitive advantage.
