creditcontrol.co.uk
Organizations struggle with GDPR
An independent survey commissioned by Varonis Systems (www.varonis.com) reveals 75% of organizations believe they will struggle
to meet EU GDPR Regulations by the deadline. The survey, which polled 500 IT decision makers in the UK, Germany, France and the
US, also reveals that an additional 42% say that it's not a priority for their businesses, despite the threat of fines which
could cost companies up to 4% of global turnover or €20 million (whichever is greater). The top three challenges cited by over
90% of respondents include:
1. Meeting Article 17 - the “Right to be forgotten,” under which they must discover and target specific data and
automate removal when requested by the consumer - was cited by 55% of respondents.
2. Over 50% (52%) said they face challenges identifying personal information on their systems, understanding who has access to
it and who is accessing it, and knowing when this data can and should be deleted according to Article 30, records of processing
activities.
3. Finally, 50% said they will struggle with Article 32 - the security of processing - which means organizations must ensure
least-privilege access, implement accountability via data owners and provide reports that policies and processes are in place
and successful.
“Almost one third of respondents have not conducted a data impact assessment in order to determine who has access to personal
data according to Article 35 of the regulation. This means that they don’t have a handle on where their most sensitive data
resides,” said Brian Vecci, Technical Evangelist at Varonis. “You can’t catch what you can’t see, and if organizations aren’t
assessing their data risk profiles now, how do they know they’re protecting their data from a breach today let alone meeting
these regulations in one year’s time? In the 2017 Varonis Data Risk Report, 47% of organizations had 1,000 or more sensitive
files accessible to every employee in the organization - this includes sensitive personal information. GDPR means that it’s
more critical than ever to know your data. Where is your sensitive data stored? Who is accessing it? Who should be accessing
it?”
To help organizations prepare for GDPR, Varonis has once again teamed up with renowned security expert Troy Hunt to launch a
free GDPR educational video course. The seven-part online course, “GDPR Attack Plan: What You Need to Know”
(https://info.varonis.com/gdpr-attack-plan), created for Varonis, walks organizations through the role of GDPR, understanding
personal data, territorial scope, breaches and penalties, and how to put GDPR principles into action.