The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

In Shreds - Most Companies Still Failing On GDPR

Rexel
29 May 2019 | Updated 30 May 2019
 

It's over a year since GDPR came in to force and yet over two-thirds of poll respondents still think their organisation is not compliant.

This lack of confidence is according to the latest Twitter poll from organisers of the Infosecurity Europe exhibition. The majority of respondents (68 per cent) believe that organisations have not taken the EU General Data Protection Regulation (GDPR) seriously and are still not compliant.

A lack of doubt in its enforcement is reflected by further results of the poll. When asked if respondents believe that GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half (47 per cent) agreed that they were.

Infosecurity Europe runs from June 4-6 at London's Olympia. It will see the release of an annual ‘State of Cybersecurity Report’. The report's author, Dan Raywood, said: “Compliance is a complicated trend to fully evaluate because while it is something that needs to be acted upon, the stronger enforcement and regulation that had been hyped in the build-up to GDPR have not really materialised. Therefore, it may force some to think that compliance does not have to be taken as seriously as we are expected to believe."

A contributor to the repoert, Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4, said, ‘While excitement about regulation has died down a little, the introduction of GDPR has had both positive and negative impacts. GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way they handle data in the face of changing regulatory requirements. GDPR and other compliance regulations have done a lot to promote the application of foundational information security and privacy-related practices. A potential downside, however, is that many organisations still assume that meeting a compliance requirement is the same as being secure - of course history teaches us that compliance and security are not the same thing.”

Attracting 6,421 responses, the Infosecurity Europe Twitter poll was conducted during the period 17-19 May 2019.

 

UK Businesses Still Are Not Ready for Compliance

Office supplies company ACCO Brands, Europe which own Rexel (the paper shredder company) has also conducted a 'one year on' from GDPR survey which found some firms have adapted quickly and with ease while others lag behind.

According to the survey, the EU Commission has received over 95,000 complaints in the time since the new rules took effect, the most notable example being the £44 million fine Google  incurred over how the site uses data to target ads.

 

What else did the survey discover?

  • 30% of survey respondents believe GDPR only applies to digital data - However, GDPR regulations apply to both digital data and personal data processed in a non-automated manner which forms part of or is intended to form part of, a filing system. While digital data breaches tend to grab most of the headlines, physical data non-compliance is just as much of a risk and is often overlooked.

The paper documentation a business keeps may contain private and sensitive data about its customers and partners, such as addresses, telephone numbers, insurance numbers, and more. Improper handling of this information can not only lead to large GDPR fines and penalties, it can also bring about negative consequences and unwanted solicitation for customers.

  • Many firms have invested  in new or improved cybersecurity measures, yet three quarters of businesses have yet to address issues with physical data. Many have moved their vital documents into digital or Cloud-based storage systems but have failed to devise an appropriate solution for handling the physical records once they have been digitised.

  • The loss or theft of paperwork are among some of the most common incident types reported to the Information Commissioner’s Office (ICO).

  • 53% of businesses still have zero or one shredder and 52% of consumers still don’t understand shredding security levels. Though GDPR does not specify which level of shredding security is required to be compliant, it is better to be safe than sorry. Cross cut and micro cut shredding are the most secure options, as they produce the small paper particles that are impossible to piece back together as opposed to large strips. Businesses with traditional strip shredders may want to consider trading up to these more secure cuts in order to fully safeguard data.

Picture: Rexel reckons companies have invested in cyber security to comply with GDPR but have forgotten about physical document management.

 

 

Article written by Brian Shillibeer | Published 29 May 2019

Share



Related Articles

Google in Potential London Office Deal in Central St Giles

The tech giant is rumoured to be in talks to buy a London office complex worth £750m. According to The Business Times, Google has entered into negotiations to...

 Read Full Article
The Cleaning Interactive Exhibition

Cleaning Interactive, the industry’s first high-tech event incorporating visualisation technology, takes place online from 6-7 October 2020. CBI VR Experiences...

 Read Full Article
Futurebuild 2020 Highlights

Futurebuild 2020’s mission was to tackle the biggest challenges facing the industry head on. Bringing together 450 brands, the three days of activity centred on how...

 Read Full Article
British Land's Chief Executive Grigg To Step Down

British Land has announced that long-serving Chief Executive, Chris Grigg is to step down, less than a year after, the UK's number two by volume property company,...

 Read Full Article
MIPIM Rescheduled After French Government Issues Coronavirus Warning

The real estate event, originally planned for March 10-13, has been rescheduled to summer 2020, due to growing concerns relating to the COVID-19 Virus. The announcement...

 Read Full Article
Cushman & Wakefield Launches Indego Service To Manage Flexi-space

Cushman & Wakefield has launched Indego, a white label service for office landlords and investors looking to create bespoke flexible workspaces in the UK. Indego...

 Read Full Article
Skanska Wins Contract for 20 Ropemaker Street

Skanska has won a £240 million contract to construct 20 Ropemaker Street in Central London for Great Elm Assets Limited, in association with Old Park Lane...

 Read Full Article
What Do The Bosses Know? What Do They Need To Know?

What data does your boss collect about you? Half of us don’t know –  and don't know what it is used for – according to new research from...

 Read Full Article
Culture Vultures Target Meat Market

The City of London has announced the winners of the Smithfield Area Public Realm competition – a plan to create a vibrant, exciting and welcoming new...

 Read Full Article
New Tool Reveals Central London Office Prices 242 Per Cent Higher Than UK Average

With almost 5 million self-employed people in the UK, there is a higher than ever demand for private and coworking office space. As a result, thousands of new office...

 Read Full Article