Many CEOs aren't being told their companies aren't GDPR compliant


A shocking number of UK businesses aren't telling their chief executive officers that they are not compliant with the General Data Protection Regulation (GDPR).

According to research from Delphix, many firms have “significant amounts” of unprotected personal data, while CISOs are leading CEOs to believe that is not the case.

While some organisations fail to mark personal data at all, others don’t know whether their test data is compliant with GDPR. Confidential data, such as salary details, is often held in test systems, which means unauthorised personnel often gain access to it.

One of the main reasons this happens is the speed at which businesses are trying to innovate. As they move into digitalisation at breakneck speeds, things often “fall through the cracks”, with testing environments turning into a “security minefield”.

Another root issue is the cost and speed (or lack thereof) of creating data environments. DevOps engineers often waste entire days waiting on data.

“These confessions should come as a wake-up call to the C-suite,” said Eric Schrock, CTO at Delphix.

“It is clear that the vast majority of top-level execs are blissfully unaware of how easily accessible their highly sensitive data is. Pair that with growing frustration amongst developers looking to acquire data quickly and we have the perfect recipe for disaster,” he added.