Majority Of Businesses Not Confident In Achieving 2018’s GDPR Compliance

Nearly 80 percent of the UK’s IT pros in medium and large businesses are not confident that they will be able to comply with the upcoming GDPR regulations that are set to be enforced from 2018.

This is according to cloud security broker Netskope, which commissioned a YouGov survey of 500 businesses.

GDPR (General Data Protection Regulation) is the regulation platform in the making set up by European Commission to boost data security issues for European businesses and citizens.

Only one-fifth of IT professionals in medium and large businesses felt sure they would comply with upcoming regulations, which will include identifying which data they hold is classified as personal, where it is stored, and notifying local information commissioners about a data breach within 72 hours of the occurrence.

Consequences

Out of the 500 businesses surveyed by Netskope, 20 percent reckoned that their cloud providers will handle all of the GDPR compliance regulations on their behalf, but Netskope warned that this is not the case – according to the specific wording of the GDPR.

“The GDPR will have far-reaching consequences for both cloud-consuming organisations and cloud vendors,” said Eduard Meelhuysen, VP EMEA, Netskope.

“With the ratification of this piece of legislation imminent, the race is on for IT and security teams who now have two years to comply.”

Under the GDPR, businesses will be obligated to process personal data in the ways the regulations stipulate, meaning that more technical measures will be required that cater for confidentiality, integrity, and availability of data.

“Although that might sound like a lengthy timeframe to complete preparations, the significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline,” said Meelhuysen.

Unauthorised apps

The YouGov survey also found that almost a third of IT pros said that they know employees are using unauthorised cloud apps within the business, but only 7 percent have a solution in place to deal with the use of unsanctioned apps.

Netskope said that cloud apps pose a challenge to GDPR compliance because of the amount of unstructured data they create – data which is outside of the organisation’s direct control, and therefore pose a serious risk to compliance with the GDPR.

“The key is to start preparations as soon as possible. The technical challenges are made even more significant by the myriad complications presented by the cloud and shadow IT, which make personal data even harder to track and control,” said Meelhuysen.

“As a starting point for GDPR compliance, organisations need to conduct an audit to ensure they understand what cloud apps are in use – both sanctioned and unsanctioned – and what data are in those cloud apps.”