The Biggest & Best Portal to the Professional Property, Workplace and Built Environment Community

Wednesday, 12 December

GDPR - No Confidence In Compliance. Mobile Workers Are Biggest Hazard

Most companies are not confident of being fully compliant ahead of the GDPR deadline with the biggest fear being the loss of data on laptops and other mobile devices.

New research highlights that companies are massively ill-prepared for this week’s (May 25) General Data Protection Regulation (GDPR) enforcement deadline.

Less than a third (29%) of surveyed organisations felt confident they would comply and when questioned further and asked whether there were any areas they might be likely to fail, 81% could think of some area of the new requirements that might cause them to fail when it comes to GDPR compliance.

Fifty per cent of organisations who know that GDPR will apply to them admit that a lack of understanding of the data they collect and process is their number one concern relating to non-compliance. On top of this, almost four in ten (37%) believe they are most likely to fail because of gaps in employee training and almost a quarter (23%) say their employees don’t understand the new responsibilities that come with the GDPR.

 

Personally identifiable information

“Data or personally identifiable information (PII) is at the heart of GDPR and mapping and securing it should be every organisation’s number one priority. By now, all employees, from the top down, should have an understanding of the importance of GDPR and the role they play in keeping this data safe”, said Jon Fielding, MD, of Apricorn which commissioned the research. “While we know that many organisations have provided some form of employee training, clearly in some cases this hasn’t been effective and organisations should address these gaps urgently.” (Apricorn manufacturers hardware encrypted USB drives.)

 

Tick Box?

While almost one in ten still regard the GDPR as a mere tick box exercise, a substantial proportion do view it as being of some benefit to their organisation – for example 44% agree that the new regulation is a welcome opportunity to overhaul their organisation’s data handling and security processes.

 

Mobile

The most commonly taken step so far, for those who say they will be at least somewhat prepared for the GDPR, is to review and update their security policies for mobile working (67%), however, three in ten (30%) still worry they could fail to comply due to mobile working and almost a quarter (22%) of respondents are concerned they may fail due to a lack of encryption. “There is a lot more awareness amongst companies since our first survey last year but we continue to see a huge amount of confusion amongst organisations as to what to prioritise in order to tackle the regulation,” added Fielding.

 

Policy, people and technology

In line with this, 98% of respondents recognise that they will need to continue investment in policy, people and technology even after the deadline has passed. Investing in the necessary tools to make security processes easier and more efficient is vital, particularly when taking into account that Article 32 of the GDPR requires the pseudonymisation and encryption of personal data. “The best form of defence is to make sure everything you have is as locked down as possible and all PII is encrypted in transit and at rest,” advised Fielding. “Organisations should research, identify and mandate corporate standard encrypted devices and educate employees on their use to avoid the risk of a breach and being fined for non-compliance.”

Picture: The black arts of security encryption of mobile hardware.

Article written by Brian Shillibeer

Share



Related Articles

Gangsters' Paradise Leads To Jail Terms For Business Phishing Scam

Gangsters who altered business emails to rip-off more than £1 million have gone to jail. Two members of the Nigerian organised crime group who committed the fraud...

 Read Full Article
Raising The Bar – Consent Under The GDPR

Straight from the horse's mouth, Steve Wood, Deputy Information Commissioner, writes for ThisWeekinFM on the topic of 'consent', how to get it and what to do...

 Read Full Article
Is BYOD Creating A GDPR Risk For Your Business?

Does your Bring Your Own Device (BYOD) stance have the potential to create risks relating to data protection or breaches, as a result of staff using a single smartphone...

 Read Full Article
Two Million Fleet Drivers To Revalidate Driving Licence Data Consent

There are over two million drivers who will have to revalidate their driving licence data consent, writes Malcolm Maycock, Chair of the ADLV. Whilst this is a mammoth...

 Read Full Article
Denial Of Service Costs Escalate

A DNS Threat Report has revealed the cost per attack has increased by 57% to $715,000 for organisations globally. EfficientIP, a specialist in DNS security to ensure...

 Read Full Article
Are You Ready For Business Change?

Andrew Carwardine offers 7 Steps to Change & Put Process Back On The Agenda. Thanks to GDPR, processes are back on the agenda but why the wait? Shouldn't we...

 Read Full Article
Crown Prosecutions Service Prosecuted - And Other GDPR-type Convictions

You could hardly make it up but the Crown Prosecutions Service has been fined after losing victim interview videos - PLUS a variety of convictions including a...

 Read Full Article
GDPR - What A Scam

GDPR has gifted scammers with a new hook for sending phishing emails. Many internet users are now receiving emails from organisations that they have online dealings with,...

 Read Full Article
Human Error Could Cost UK Businesses Up To €20 Million

Over three-quarters of British businesses say that a proportion of inbound mail and communications is incorrectly allocated due to physical handling, creating an...

 Read Full Article
Brits Are Addicted To Their Smartphones Which Are Used More Than Computers

A third of survey respondents feel that they are addicted to their smartphones, with 15% checking their phones within 15 minutes of waking. The survey (conducted on...

 Read Full Article