The EU General Data Protection Regulation (GDPR) requires a ‘privacy-by-design’ approach to data security, but a recent study by a GDPR-compliance provider suggests only half of organisations have allocated budget for staff awareness.
IT Governance’s report, Implementation challenges and milestones for early adopters of the GDPR, is based on responses from 250 information security and data protection professionals, and focuses on the issues faced by those organisations that have already started working towards achieving GDPR compliance.
The report found that the biggest challenge in preparing for the GDPR is implementing the technical and organisational measures needed for compliance. Although half of organisations state they have not allocated a budget for staff awareness of data protection responsibilities, just over half of those surveyed are planning to undertake GDPR staff awareness training in the future.
Briefly, the GDPR, due to come into force in May 2018, requires organisations to identify measures to protect EU residents’ personal data by, for example, conducting a data protection impact assessment (DPIA) for risky processing operations and, for some, appointing a data protection officer (DPO).
Nearly 43pc of respondents to the survey felt that compliance with the GDPR will rely on staff awareness and training – a surprisingly low figure given that a recent cyber security breaches survey found that most reported breaches (72pc) occur after a staff member receives a fraudulent email.
Alan Calder, founder and executive chairman of IT Governance, said: “Under the GDPR, organisations will need to be equipped to deal with incidents to avoid severe reputational and financial damage. Implementing a core staff training process is crucial in developing a cyber resilient workforce in line with the Regulation.” Visit https://www.itgovernance.co.uk.