Symantec Corp. revealed today that, according to a survey, 96% of companies still do not fully understand the new European General Data Protection Regulation (GDPR), which will enter into force in May 2018.
The results of Symantec's research on the European Commission on Personal Data European Data Privacy Survey, conducted through interviews with 900 businesses and IT executives in the UK, France and Germany, show that 91% of respondents have serious concerns about compliance.
The survey also revealed that only 22% of businesses consider compliance to be a top priority for the next two years, while only 26% of respondents believe that their business is fully prepared for the new European General Data Protection Regulation (GDPR).
"These findings show that businesses are not only unprepared for the GDPR, they are not even in the process of preparation," said Kevin Isaac, vice president of Symantec. "There is a significant differentiation on the importance of protecting privacy and security for consumers, with business priority. The good news is that there is still time to correct the situation - if companies are actively involved."
Lack of regulatory information
Of the survey respondents, almost a quarter (23%) said that their business will be not at all or only partially compliant by 2018. Of this percentage, only 20% believe it is possible to become fully compliant with the GDPR, while almost half of them (49%) believe that only certain segments of companies will be able to comply, as opposed to other segments that will not.
This lack of confidence in achieving compliance by the start date in May 2018 puts companies in jeopardy of paying high fines once that date passes.
Lack of understanding of customer requirements
As businesses struggle with their compliance, they remain out of touch with consumer expectations regarding the protection and security of personal data. Nearly 74% of businesses do not consider personal data protection to be one of the top three priorities of the consumers they deal with, despite the fact that in 36% of businesses, customers often ask about the security of their data in their transactions.
Equally worrying is the survey's finding that 35% of respondents do not believe their business is taking an ethical approach to securing and protecting their customers' data.
These results show that there is a significant gap between the priorities of consumers and those of businesses. The Symantec survey showed that 88% of European consumers see the security of their data as the most important factor in the process of choosing a company to deal with. In fact, 86% consider it even more important than the quality of the product.
Unsurprisingly, the survey found that 55% of businesses are not convinced that they fully understand customers' concerns about the security of their personal data.
Lack of preparation
The Symantec study concluded that many companies have not even begun to work on the organizational changes needed for compliance, which must be carried out by May 2018, when the new European General Data Protection Regulation (GDPR) takes effect.
- About one in ten (9%) claim that all employees have access to customer personal information.
- 6% claim that all their staff may have access to details regarding customer payment data.
- Only 14% believe that everyone in an organization has a responsibility to guarantee that the data is protected.
With so many people accessing personal information, companies have not understood the challenges they will have to face to be able to manage their compliance with GDPR.
- Less than half of the respondents (47%) claimed that ethical data management is the top priority for their company, and fewer than half also claimed that they could increase security education.
- Only 27% of enterprises intend to fully restructure their approach to GDPR requirements.
Technical readiness and the "right to be forgotten"
- 91% of respondents have concerns about their business's ability to comply with GDPR, due to factors such as the complexity of proper data processing, time and cost.
- Only 28% of computing officers, or other departments, understand that the right to be forgotten is part of the new GDPR.
- 90% of businesses claim that customer requests to delete their personal data are a challenge for their business.
- Only 9% of respondents have already received requests to be forgotten.
- 81% of respondents believe that their clients will exercise their right to delete their personal data.
- However, 60% of enterprises do not have the appropriate system to be able to meet these requirements.
"Businesses must recognize that privacy, security and compliance with GDPR are the most important factors that will diversify businesses," said Kevin Isaac, vice president of Symantec. "The business response to GDPR should become a core point of organizational planning, but also of their culture. Adopting a fragmented approach will create more problems than it will solve."
Peter Gooch, cyber-risk partner, Deloitte, comments:
"Companies should successfully lead the GDPR's key support points and embrace privacy by its design. They also need to understand that the proper security and privacy of procedures can provide significant competitive advantages that will lead to gaining consumer confidence while being driven by regulatory requirements."
Prof. Dr. Udo Helmbrecht, Executive Director, European Agency for Network and Information Security (ENISA), comments:
"Given the fundamental importance of the General Data Protection Regulation in shaping the EU's tomorrow's digital environment, the European Network and Information Security Agency (ENISA) welcomes initiatives such as this, which increase our understanding of the challenges of implementing Regulation, in order to achieve the goals we have set."
The European Regulation on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data is to enter into force in the Spring of 2018. The collection and exchange of personal data has increased significantly in recent years as technology allows both private businesses and public authorities to use personal data on an unprecedented scale to pursue their activities. These developments have led the European Union to establish a strong data protection framework with this regulation.
1 Symantec's 2015 State of Privacy Report: