Case Studies

GDPR findings

by Mark Rowe

Despite the deadline day of the EU’s General Data Protection Regulation (GDPR) having passed on Friday, May 25, only 37pc of UK respondents are very confident their company has fully adhered to new data protection law which imposes new rules on the handling of customer personal details. That’s according to a survey by Kingston Digital, Inc, which makes SD cards, SSD drives, memory modules and USB flash drives. The survey was during the week after that May 25 cut-off date. The survey of 500 UK nationally representative respondents found only 61pc were aware of IT policy changes to ensure GDPR compliance, while three in ten, 31pc did not feel personally responsible for helping meet compliance standards at their company.

About one in five, 22pc of respondents reported that their company has decided against implementing rules that would restrict the use of insecure USB data storage devices in the workplace, with another 13pc reporting their company has introduced a blanket ban on all removable storage. Over half of respondents were unaware of removable storage products with enhanced data security functions, such as the ability to secure and remotely remove content if devices are lost.

Valentina Vitolo, EMEA Flash Business Manager at Kingston Technology said: “This survey is alarming news for some businesses, who haven’t done enough to meet the requirements of GDPR, even though the legislation has already come into force. What’s more, a third of respondents felt disengaged from the process of their company’s GDPR compliance process – which shows some firms are taking a big risk by not educating their team members properly on the required changes to business practices in order to ensure data does not end up in the wrong place.

“For example, by leaving sensitive information on unencrypted devices, which may be lost or stolen, a firm runs the risk of facing penalties imposed by the Information Commissioner’s Office [ICO] to enforce the regulations, which can include heavy administrative fines. Transitioning to encrypted storage devices can help companies continue to operate in much the same way they did before GDPR came into effect, without the fear that personal data may end up in the wrong hands, or the need to impose restrictions on the use of portable storage, which could have a very negative effect on business efficiency.”

“The far-reaching consequences of GDPR affects every company’s IT policy, particularly regarding storage of customer data. Within some companies, there remains a lack of understanding as to how these requirements are best met.”

Picture by Mark Rowe; outside Worcester newsagent, 2017.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing