Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Business

WinMagic Survey Finds Most Companies Won’t be Ready for EU GDPR Legislation on 25th May

WinMagic Survey Finds Most Companies Won’t be Ready for EU GDPR Legislation on 25th May

A fifth of companies lack continuous encryption for personally identifiable information, and only half have the systems required to meet Articles 16 and 17 of the GDPR legislation 

With just one month until the new EU General Data Protection Regulation Legislation (GDPR) comes into force, data security company WinMagic, has today released the findings of research that suggests many companies will not be ready when it takes effect on May 25th, 2018.  62% of IT Decision Makers (ITDMs) surveyed describe themselves as ‘confident’ in the build-up, with 1 in 5 (18%) saying they are nervous.

Only half (51%) of companies say they have all the systems in place that will allow them to remove EU Citizen data from servers upon the request, including back-ups, in accordance with Articles 16 & 17 of GDPR.  Worryingly, a fifth (21%) do not yet have any systems in place.

In many cases, companies lack the systems and processes to ensure compliance with the new legislation which affects all companies holding and processing EU citizen data. They must have “appropriate technical and organizational measures” in place to safeguard personal data, as well as minimise data collection, processing and storage.  Non-compliance can lead to fines of €20 million or 4% of turnover, but this is far outweighed by the reputational damage that can occur from a data breach where non-compliance has heightened the risks for citizens.

Whilst 73% believe GDPR will change the way their business will operate to meet compliance, there are a number of key areas where they will fail to meet the requirements of the legislation: 

Data management delays

  • A quarter (25%) admitted that systems were only part implemented, and would not allow the automated removal of citizen data from back-ups
  • Just 48% of data is geo-fenced so that it cannot be accidentally, or intentionally, moved out of the legal jurisdiction under which it should be
  • Many ITDMs (49%) admit not always conducting security audits of the storage locations their data processing and storage partners use

Failing to encrypt data

An average 20% of the companies surveyed lack continuous encryption for personally identifiable information across their cloud and on-premises servers, despite appropriate levels of encryption and anonymisation being a requirement for GDPR compliance.  Encryption also acts as a last line of defense in the event of a data breach, making data illegible when in the hands of unauthorised parties.

Continuous encryption can be complicated to implement in modern environments where infrastructure and data span both cloud and on-premises servers. Where companies lack strict security and encryption management for technologies such as virtual machines and hyper-converged infrastructure, uncontrolled data sprawl can be common, leading to silos of hidden data, and a fragmentation of governance, that leaves companies non-compliant, and at risk of heavy fines.

Poor data breach monitoring

When a data breach occurs, speed is the key element in responding to on-going attacks, but also to controlling the spread and abuse of data by cybercriminals.  GDPR requires companies to report data breaches to the relevant regional authority within 72 hours of discovery, yet 41% of ITDMs believe they could not achieve this today.  Perhaps more worrying is that many companies lack the tools that will identify a breach ever occurred or the data taken:

  • 33% lack confidence and 6% have no confidence, that their systems would automatically identify a breach triggered by an external source.
  • For internal breaches, 34% lack confidence and 6% have no confidence, that their systems would automatically identify a breach event.
  • Only half (55%) believe they can precisely identify the data exposed by a breach

“Whilst companies have made general improvements in their preparations for EU General Data Protection Regulation, the survey suggests that most will not be fully compliant with the regulation when it comes into force,” said Mark Hickman, Chief Operating Officer at WinMagic.  “Whilst many will have sought the necessary authorisations from EU Citizens to store their data and use it for marketing etc., they will lack the processes and protections demanded by the legislation to ensure compliance and protect personally identifiable information with which they have been entrusted.  Effective control and management of the IT infrastructure spanning on-premises and cloud service providers for security and specifically encryption, will be a critical component in meeting the legislative requirements and minimizing the risks to consumers.”

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post