Story image

98% of firms still not quite sure about GDPR specifics

06 Oct 2017

The European Union’s upcoming GDPR regulations are causing many businesses to migrate their data to a new location as a result of the changing requirements for data protection, according to new findings from McAfee.

Out of 800 senior business decision-makers in eight countries (Australia, Singapore, Japan, Brazil, France, Germany, the UK and the US), 53% do not know where their data is located at all time.

Despite not knowing where their data lies, 48% are considering data migration as a result of regulations or changing government policies.

The EU’s GDPR comes into effect in May 2018 and will cast firmer laws for the personal data protection of more than 500 million people in the region.

70% of respondents believe that GDPR will crown Europe a world leader in data protection, although the United States remains the most popular data storage location.

McAfee chief scientist Raj Samani says that data protection is critical as it is one of the world’s most valuable assets.

“The good news is that businesses are finding that stricter data protection regulations benefit both consumers and their bottom line. However, many have short-term barriers to overcome to become compliant, for example, to reduce the time it takes to report a breach.”

On average, organisations take 11 days to report a breach, according to the report, and 63% believes there is a stigma attached to reporting breaches.

Some benefits for businesses include gaining new customers, according to 74% of respondents. 83% also take public sentiment towards data privacy into account when making data residency decisions.

However, political events and turmoil such as US policies and Brexit can also impact respondents’ technology acquisitions, with 51% saying they are being held back by external data protection regulations.

However, only 2% of respondents ‘really understand’ the laws that apply to their specific organisations, right down to all clause levels. 54% believe their organisation has a ‘complete understanding’ of those regulations.

Such wavering statistics shows that there are conflicting beliefs about data protection regulations, McAfee says.

Only 26% of respondents believe their organisation will be able to meet the GDPR’s 72-hour breach report deadline.

Most respondents wish to store data in countries with stringent data protection policies. While they may not like compliance laws, they do benefit customers and an organisation’s bottom line.

“Moving forward, increased awareness and understanding about a company’s data assets will lead to better usage and protection,” McAfee concludes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.