Symantec Corp. revealed today that according to a survey conducted, 96% of companies still do not fully understand the new European General Data Protection Regulation (GDPR), which will enter into force in May 2018.
The results of Symantec's research on the European Commission on Personal Data European Data Privacy Survey , which was conducted through interviews with 900 businesses and IT managers in Britain, France and Germany, show that 91% of respondents have serious concerns about the ability to comply.
The survey also revealed that only 22% of businesses consider compliance to be a top priority for the next two years, while only 26% of respondents believe that their business is fully prepared for the new European General Data Protection Regulation (GDPR). .
«Τα ευρήματα αυτά δείχνουν ότι οι επιχειρήσεις όχι μόνο είναι απροετοίμαστες για τον GDPR, αλλά δεν μπαίνουν καν στη διαδικασία της προετοιμασίας», δήλωσε ο Kevin Isaac, αντιπρόεδρος της Symantec. «Υπάρχει μια σημαντική διαφοροποίηση σχετικά με το πόσο σημαντική είναι η προστασία της ιδιωτικής ζωής και της better safetys for consumers, with the priority it has for businesses. The good news is that there is still time to remedy the situation – if companies act now.”
Lack of regulatory information
Respondents to the survey, almost a quarter (23%) said that their business will not be at all or only partially compliant by 2018. Of this percentage, only 20% believe it is possible to become fully compliant with the GDPR, while almost half of them (49%) believe that only certain segments of companies will be able to comply, as opposed to other segments that will not.
This lack of confidence in complying with the start date in May of 2018 puts companies in jeopardy resulting in the payment of high fines by the end of that date.
Lack of understanding of customer requirements
As businesses struggle to comply, they remain out of touch with consumer expectations for the protection and security of personal data. Almost 74% of businesses do not consider the protection of personal data as one of the top three priorities of consumers they deal with, despite the fact that in 36% of businesses, customers often ask about the security of their data in transactions their.
Equally worrying is the result of the survey, where 35% of respondents do not believe their business is taking a moral approach to securing and protecting their customers' data.
These results show that there is a significant distance from the priorities of consumers compared to those of businesses. The Symantec survey showed that 88% of European consumers see the security of their data as the most important factor in the process of choosing a company to deal with. In fact, 86% consider it even more important than the quality of the product.
Unsurprisingly, the survey found that 55% of businesses are not convinced that they fully understand the security concerns of customers' personal data.
Lack of preparation
The Symantec study concluded that many companies have not even begun to work on organizational changes with a view to compliance, to be carried out by May 2018, when the new European General Data Protection (GDPR) regulation will be activated.
- About one in ten (9%) claims that all employees have access to customer personal information.
- 6% claims that all their staff may have access to details regarding customer payment data.
- Only 14% believes that everyone in an organization has a responsibility to guarantee that the data is protected.
With so many people accessing personal information, companies have not understood the challenges they will have to face to be able to manage their compliance with GDPR.
- Less than half of the respondents (47%) claimed that moral data management is the top priority for their company and fewer than half also claimed that they could increase security education.
- Only 27% of enterprises intend to fully restructure their approach to GDPR requirements.
Technical readiness and the right to "Ignore"
- 91% of respondents have concerns about their business ability to comply with GDPR, due to factors such as the complexity of proper data processing, time and cost.
- Only 28% of computing officers, or other departments, understand that the right to ignore is part of the new GDPR.
- 90% of businesses claim that customers' requirement to delete their personal data is a challenge for their business.
- Only 9% of respondents have already received requests for ignorance.
- 81% of respondents believe that their clients will exercise their right to delete their personal data.
- However, 60% of enterprises do not have the appropriate system to be able to meet these requirements.
«Οι επιχειρήσεις πρέπει να αναγνωρίσουν ότι η ιδιωτικότητα, η ασφάλεια και η συμμόρφωση με τον GDPR, αποτελούν υψίστης σημασίας παράγοντες που θα διαφοροποιήσουν τις επιχειρήσεις μεταξύ τους» τόνισε ο Kevin Isaac, αντιπρόεδρος της Symantec. «H ανταπόκριση των επιχειρήσεων στον GDPR θα πρέπει να καταστεί βασικό σημείο του οργανωτικού σχεδιασμού, αλλά και της κουλτούρας τους. Η υιοθέτηση μιας αποσπασματικής προσέγγισης θα δημιουργήσει περισσότερα problems of what it will solve".
Ο Peter Gooch, cyber - risk partner, Deloitte, comments:
"Companies should successfully lead the GDPR's key support points and embrace privacy by its design. They also need to understand that the proper security and privacy of procedures can provide significant competitive advantages that will lead to gaining consumer confidence while being driven by regulatory requirements. "
Prof. Dr. Udo Helmbrecht, Executive Director, European Network and Information Security Agency (European Union Agency for Network and Information Security ENISA) comments:
"Given the fundamental importance of the General Data Protection Regulation in shaping the EU's tomorrow's digital environment, the European Network and Information Security Agency (ENISA) welcomes initiatives such as this, which increase our understanding of the challenges of implementing Regulation , in order to achieve the goals we have set. "
The European Regulation on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data is to enter into force in the Spring of 2018. The collection and exchange of personal data has increased significantly in recent years as technology allows both private businesses and public authorities to use personal data on an unprecedented scale to pursue their activities. These developments have led the European Union to establish a strong data protection framework with this regulation.
Labeling:
1 Symantec's 2015 State of Privacy Report:
http://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf
