The government should have done more to inform organisations what GDPR is, and the media shouldn’t have overhyped it the way it has, new research has said.
Security firm Bitdefender surveyed a number of C-level IT decision-makers (ITDMs), finding that almost a third (31 per cent) of CIOs and more than a quarter (26 per cent) of other C-level ITDMs wouldn’t be able to clearly describe what GDPR is and how their company complies.
The report also says that many CSOs and CISOs (83 per cent of CSOs and 51 per cent of CISOs) would rather risk fines than risk going into a complex implementation process. Among CIOs, the number is quite a bit lower, at 34 per cent.
“This study brings a new perspective to GDPR compliance. As an industry, everyone in IT can agree that the GDPR represents the most significant change to data protection practices in two decades — yet despite the hype around it, it appears that not everyone is sure exactly what it is or whether their companies are ready for it. It’s this last point that is concerning,” comments Liviu Arsene, researcher at Bitdefender.
“In less than 100 days all companies will be held responsible for their handling of data as it relates to the protection of European citizens’ data. Companies will need to prove they are doing everything they can to protect this data, share who has control over it and even how, if at all, it is transported to other regions of the world.
“It’s not too late to act. Companies still have a small window of time in which they can establish data ownership, identify security weak spots, and shore up defences. The risks of not doing so simply do not add up in the modern enterprise where data, and data protection, is money,” adds Arsene.