In Shreds - Most Companies Still Failing On GDPR

29 May 2019 | Updated 30 May 2019

It's over a year since GDPR came into force and yet over two-thirds of poll respondents still think their organisation is not compliant.

This lack of confidence emerges from the latest Twitter poll from the organisers of the Infosecurity Europe exhibition. The majority of respondents (68 per cent) believe that organisations have not taken the EU General Data Protection Regulation (GDPR) seriously and are still not compliant.

Doubt about its enforcement is reflected in further results of the poll. When asked whether GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half of respondents (47 per cent) agreed that they were.

Infosecurity Europe runs from June 4-6 at London's Olympia. It will see the release of an annual ‘State of Cybersecurity Report’. The report's author, Dan Raywood, said: “Compliance is a complicated trend to fully evaluate because while it is something that needs to be acted upon, the stronger enforcement and regulation that had been hyped in the build-up to GDPR have not really materialised. Therefore, it may force some to think that compliance does not have to be taken as seriously as we are expected to believe.”

A contributor to the report, Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4, said: “While excitement about regulation has died down a little, the introduction of GDPR has had both positive and negative impacts. GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way they handle data in the face of changing regulatory requirements. GDPR and other compliance regulations have done a lot to promote the application of foundational information security and privacy-related practices. A potential downside, however, is that many organisations still assume that meeting a compliance requirement is the same as being secure - of course history teaches us that compliance and security are not the same thing.”

Attracting 6,421 responses, the Infosecurity Europe Twitter poll was conducted during the period 17-19 May 2019.


UK Businesses Still Are Not Ready for Compliance

Office supplies company ACCO Brands Europe, which owns Rexel (the paper shredder company), has also conducted a 'one year on' from GDPR survey, which found that some firms have adapted quickly and with ease while others lag behind.

According to the survey, the EU Commission has received over 95,000 complaints in the time since the new rules took effect, the most notable example being the £44 million fine Google incurred over how the site uses data to target ads.


What else did the survey discover?

  • 30% of survey respondents believe GDPR only applies to digital data. However, GDPR regulations apply both to digital data and to personal data processed in a non-automated manner which forms part of, or is intended to form part of, a filing system. While digital data breaches tend to grab most of the headlines, physical data non-compliance is just as much of a risk and is often overlooked.

The paper documentation a business keeps may contain private and sensitive data about its customers and partners, such as addresses, telephone numbers, insurance numbers, and more. Improper handling of this information can not only lead to large GDPR fines and penalties, it can also bring about negative consequences and unwanted solicitation for customers.

  • Many firms have invested in new or improved cybersecurity measures, yet three quarters of businesses have yet to address issues with physical data. Many have moved their vital documents into digital or Cloud-based storage systems but have failed to devise an appropriate solution for handling the physical records once they have been digitised.

  • The loss or theft of paperwork is among the most common incident types reported to the Information Commissioner’s Office (ICO).

  • 53% of businesses still have zero or one shredder and 52% of consumers still don’t understand shredding security levels. Though GDPR does not specify which level of shredding security is required to be compliant, it is better to be safe than sorry. Cross-cut and micro-cut shredding are the most secure options, as they produce small paper particles that are impossible to piece back together, as opposed to large strips. Businesses with traditional strip shredders may want to consider trading up to these more secure cuts in order to fully safeguard data.

Picture: Rexel reckons companies have invested in cyber security to comply with GDPR but have forgotten about physical document management.



Article written by Brian Shillibeer | Published 29 May 2019

