The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Thursday, 17 October

In Shreds - Most Companies Still Failing On GDPR


It's over a year since GDPR came into force and yet over two-thirds of poll respondents still think their organisation is not compliant.

This lack of confidence is according to the latest Twitter poll from organisers of the Infosecurity Europe exhibition. The majority of respondents (68 per cent) believe that organisations have not taken the EU General Data Protection Regulation (GDPR) seriously and are still not compliant.

Doubt about its enforcement is reflected in further results of the poll. When asked whether they believe that GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half of respondents (47 per cent) agreed that they were.

Infosecurity Europe runs from June 4-6 at London's Olympia. It will see the release of an annual ‘State of Cybersecurity Report’. The report's author, Dan Raywood, said: “Compliance is a complicated trend to fully evaluate because while it is something that needs to be acted upon, the stronger enforcement and regulation that had been hyped in the build-up to GDPR have not really materialised. Therefore, it may force some to think that compliance does not have to be taken as seriously as we are expected to believe.”

A contributor to the report, Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4, said: “While excitement about regulation has died down a little, the introduction of GDPR has had both positive and negative impacts. GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way they handle data in the face of changing regulatory requirements. GDPR and other compliance regulations have done a lot to promote the application of foundational information security and privacy-related practices. A potential downside, however, is that many organisations still assume that meeting a compliance requirement is the same as being secure - of course history teaches us that compliance and security are not the same thing.”

Attracting 6,421 responses, the Infosecurity Europe Twitter poll was conducted during the period 17-19 May 2019.


UK Businesses Still Are Not Ready for Compliance

Office supplies company ACCO Brands Europe, which owns Rexel (the paper shredder company), has also conducted a 'one year on from GDPR' survey, which found that some firms have adapted quickly and with ease while others lag behind.

According to the survey, the EU Commission has received over 95,000 complaints in the time since the new rules took effect, the most notable example being the £44 million fine Google incurred over how the site uses data to target ads.


What else did the survey discover?

  • 30% of survey respondents believe GDPR only applies to digital data. However, GDPR regulations apply both to digital data and to personal data processed in a non-automated manner which forms part of, or is intended to form part of, a filing system. While digital data breaches tend to grab most of the headlines, physical data non-compliance is just as much of a risk and is often overlooked.

The paper documentation a business keeps may contain private and sensitive data about its customers and partners, such as addresses, telephone numbers, insurance numbers, and more. Improper handling of this information can not only lead to large GDPR fines and penalties, it can also bring about negative consequences and unwanted solicitation for customers.

  • Many firms have invested in new or improved cybersecurity measures, yet three quarters of businesses have yet to address issues with physical data. Many have moved their vital documents into digital or Cloud-based storage systems but have failed to devise an appropriate solution for handling the physical records once they have been digitised.

  • The loss or theft of paperwork is among the most common incident types reported to the Information Commissioner’s Office (ICO).

  • 53% of businesses still have zero or one shredder and 52% of consumers still don’t understand shredding security levels. Though GDPR does not specify which level of shredding security is required to be compliant, it is better to be safe than sorry. Cross-cut and micro-cut shredding are the most secure options, as they produce small paper particles that are impossible to piece back together, as opposed to large strips. Businesses with traditional strip shredders may want to consider trading up to these more secure cuts in order to fully safeguard data.

Picture: Rexel reckons companies have invested in cyber security to comply with GDPR but have forgotten about physical document management.



Article written by Brian Shillibeer

