Friday, August 19th, 2016

90% of CIOs Fear the new EU GDPR

New research by Egress Software Technologies shows that almost 90% of CIOs believe that the new EU GDPR will leave them exposed. The research was carried out on 200 CIOs from organisations in the UK with over 1000 employees. The results certainly show how little most organisations are prepared for the regulation that’s just around the corner.

What exactly is the GDPR?

The new General Data Protection Regulation (EU GDPR) brings a more stringent set of rules for all businesses operating in the EU and will lead to a greater degree of data protection harmonisation.

The EU General Data Protection Regulation introduces new obligations such as data subject consent, data anonymisation, breach notification, trans-border data transfers and the appointment of data protection officers, which means that organisations handling data will have no choice but to reform. In a nutshell:

  • The appointment of a data protection officer (DPO) will be mandatory for certain companies
  • New data breach notification requirements

The data controller has to notify the supervisory authority of a data breach no later than 72 hours after becoming aware of it. The only exception is where the data controller is able to prove that the data breach is unlikely to result in a risk to the rights and freedoms of the data subjects in question. Failing to comply with the new breach notification requirement (or with any of the other requirements imposed by the regulation) can bring severe sanctions: up to 5% of the organisation’s Annual Global Turnover (or €10m-€20m).

  • Mandatory privacy impact assessments

Data controllers will be required to conduct risk-based privacy assessments before the commencement of new projects. The privacy impact assessments will analyse the risks involved and provide solutions to minimise the risks to their data subjects. ISO/IEC 27001 provides one of the best frameworks for assessing and mitigating data protection risks, helping data controllers conduct successful impact assessments.

  • One-Stop-Shop

The regulation has proposed the establishment of a one-stop-shop for businesses meaning that organisations will only have to deal with a single supervisory authority, as opposed to one for each of the EU’s 28 member states. This will provide fast and cost-effective ways for companies to do business in the European Union, contributing to the growth of the digital economy.

Why do CIOs fear the GDPR, and why are organisations not prepared for it?

They say “never let your fear decide your future”, but that is exactly what organisations should do with regard to the new regulation. The study found that 77% of CIOs are frustrated because their employees are not using the new technologies that their organisations are deploying. Interestingly, 87% believe that this leaves their organisations vulnerable, and they are right. However, only 20% of these are actually focusing on accidental breaches due to human error.

Are these facts enough to prompt a deeper, strategic look at the EU GDPR? Apparently not. More than 25% of respondents are not actually planning any changes ahead of the new GDPR, set to be enforced in the spring of 2018.

If you are interested in learning more about how the new EU GDPR will affect your organisation and how you should prepare for it, register now for our complimentary breakfast seminar in collaboration with Palo Alto Networks on Oct 6th, 7.30AM. Click here to go to the registration form.
