Some 15pc of IT professionals in the UK, US and Germany have never heard of the new general data protection regulation (GDPR), even now it’s the law.
In a study of the views of 500 IT and cyber security professionals, the security software company Avecto found that as well as some businesses not knowing about GDPR, 25pc had heard of it but did not understand it. Near half, 47pc of those questioned believe the regulation isn’t strong enough.
Of those that were familiar with GDPR and had processes in place to prepare for it, many are yet to bring in relatively simple measures to contribute towards compliance. Just one in three, 33pc of UK professionals said that they carry out a monthly audit of employee and customer data, and only 40pc work for companies that restrict administrator rights to protect customer and employee data, even though a foundational principle of GDPR is controlling privileged access.
The findings also suggested that many companies do not have a dedicated member of staff to handle data protection. Only 63pc and 46pc of UK and US professionals respectively work at companies with an internal or external data protection officer, and just over 30pc keep a data breach log in both of these regions.
Simon Langton, VP of Professional Services at Avecto, said: “It’s worrying that so many organisations are still confused by the regulation and what they need to do. With the regulation now in force, businesses are at risk of a fine if they aren’t operating in compliance with the regulation.
“GDPR does offer guidelines, but it is open to interpretation in terms of specific processes that businesses need to put in place. However, having access to the skills to manage data protection, regularly auditing data and implementing simple security measures, such as limiting administrative privileges and implementing application whitelisting software, is vital to help organisations keep data safe and achieve ongoing compliance.”
