With less than a month until the GDPR comes into force, many companies will not be ready when it takes effect on May 25th, 2018. 62% of IT Decision Makers (ITDMs) surveyed describe themselves as ‘confident’ in the build-up, with 1 in 5 (18%) saying they are nervous, according to WinMagic.
Only half (51%) of companies say they have all the systems in place that will allow them to remove EU citizen data from servers upon request, including back-ups, in accordance with Articles 16 & 17 of GDPR. Worryingly, a fifth (21%) do not yet have any systems in place.
In many cases, companies lack the systems and processes to ensure compliance with the new legislation, which affects all companies holding and processing EU citizen data. They must have “appropriate technical and organizational measures” in place to safeguard personal data, as well as minimize data collection, processing and storage. Non-compliance can lead to fines of €20 million or 4% of turnover, but this is far outweighed by the reputational damage that can occur from a data breach where non-compliance has heightened the risks for citizens.
There are a number of key areas where companies will fail to meet the requirements of the legislation, some of which include:
- Data management delays
- Failing to encrypt data
- Poor data breach monitoring
Read more: HelpNet Security