Europe’s IT professionals are getting twitchy about the EU’s looming General Data Protection Regulation (GDPR). With less than a year to go before it comes into force, a survey has revealed just how unprepared many organisations are. However, many in IT see this as an opportunity to push for better data care standards. – By Stephen Evans
More than one in five European IT decision makers are not confident that their organisation will be fully compliant with new data protection requirements by 25 May 2018. This alarming finding emerged from 2,303 interviews conducted in 11 European countries by leading cyber security firm Kaspersky Lab. The results are spelt out in their publication ‘From overwhelmed to empowered: the IT department’s GDPR journey towards good data health’.
Ignorance is no defence
GDPR aims to embed principles of privacy and data protection into all organisational systems and services. Awareness of these demands varies across European countries. In places like the UK, France, the Netherlands, Italy, and Germany, only about 10-15% of those surveyed had little or no awareness. However, this rose to around 40% in Belgium, Portugal and Norway. Yet even in the most aware countries, it is somewhat alarming that one in seven IT decision makers is largely ignorant of the implications of this major piece of legislation. This is despite the survey showing that IT is seen as the department at highest risk of noncompliance.
It was telling that of the IT professionals interviewed, only just over half said that they trusted that their personal information will be looked after properly by organisations. This is perhaps not surprising, as around 40% of those questioned said they felt professionally overwhelmed by the demands of GDPR. There was an overwhelming demand for more training to bring greater understanding of the impact of the regulation for the organisation.
The financial sector was seen as being the most switched on, but only about half of companies perceived that their firm had the “good knowledge” that they will need in less than 12 months’ time. However, this perception of being fully on top of the challenge fell to less than a third in manufacturing, as well as in areas such as health and education, which have key responsibilities to keep data secure.
An opportunity to transform
However, this struggle could be what’s needed to awaken businesses and public enterprises to the challenges ahead. No less than two-thirds of those IT professionals questioned said GDPR will empower them to enforce data protection across their business, with half saying it will help them do their job better. The result should be more secure data and greater public trust.
“IT professionals, more than anyone else in an organisation, know how much work there is to be done because they know the bad data habits of a business,” commented Martijn van Lom, General Manager of Kaspersky Lab Benelux. “But because they see the flaws, they are also in a position of influence to help plug the gaps and prevent data leaks or mismanagement,” he added.
Information and training provided
Data security is the name of the game for a company like Kaspersky Lab, whose principal role is keeping organisations safe from cyber attacks. “Using our experience as an IT security firm, we are helping IT professionals meet the challenges of this important new regulation,” Mr van Lom added. This ranges from publishing a white paper on the subject (Fighting fit: running rings around GDPR compliance) to launching an online resources centre (www.kaspersky.com/GDPR) and providing training courses. “It is important to raise awareness across organisations of the importance of keeping data safe, both from inadvertent leaks but also from the threat of malware,” he added.