Addressing GDPR Across The Whole Enterprise

By ISBuzz Team, May 26, 2017

Key stats on GDPR:

Compuware – taken from its May global survey of 400 CIOs conducted by Vanson Bourne:

  • 67% of European and 88% of U.S. organisations with European customer data say they are well-briefed on GDPR; an improvement on 55% and 73% respectively when the same question was asked last year.
  • On average, 38% of all respondents have comprehensive plans for GDPR compliance, leaving the majority at risk of non-compliance fines.
  • The UK fell well below average, with just 19% having comprehensive plans, which marks only a marginal improvement from 18% last year.

RSA – taken from its May survey of 2,045 UK consumers (carried out by Lightspeed Research on behalf of RSA):

  • Only 15 percent of respondents have heard of the EU General Data Protection Regulation, while 76 percent have heard of the UK Data Protection Act.
  • More than half (53 percent) believe the fines proposed under the EU GDPR are fair (up to €20m or 4 percent of annual turnover, whichever is higher).
  • 28 percent said they have chosen to boycott companies that mishandle data, using more secure alternatives instead.

Expert comments:

Dr Elizabeth Maxwell, PDP, Technical Director, EMEA at Compuware:

“With just 12 months to go, organisations across Europe are making steady progress towards GDPR compliance, but it just isn’t happening fast enough; especially here in the UK. Research recently found that less than one in five UK organisations have a detailed plan in place for how they will comply with GDPR – putting it in last place, and a long way behind the global average of 38%.

“This lack of preparation in the UK may be largely because of the initial uncertainty over the impact of Brexit on the need to comply. However, we now have clear guidance that UK organisations will need to comply, and a failure to do so could expose them to the risk of fines of up to €20 million, or 4% of their global turnover – whichever is greater.

“To prepare effectively, organisations must improve their data governance capabilities across all platforms—especially on the mainframe, since that is where the majority of customer data resides. That might seem like a burden, but as well as supporting compliance with GDPR, modernised approaches can help to reduce the man-hours needed to handle data collection and management, leaving IT teams free to concentrate on analytics and innovation; creating a win-win scenario for both organisations and their customers.”

Rashmi Knowles, Field CTO at RSA:

“When you read headline after headline of high profile data breaches, it is easy to despair and lose trust in businesses’ ability to look after our data. Things are only going to get worse once mandatory breach notification is introduced under the GDPR, as these breaches will become even more public.

“We can see some consumers are already boycotting companies that mishandle data, so this should be a real wakeup call – particularly when you add that to the potential penalties that could be imposed. Organisations can no longer see data breaches as an abstract tech or IT problem; boycotts and penalties are serious business risks and should be a board-level business issue. Make no mistake, there will be businesses that will never fully recover from such a fine, if they don’t go out of business entirely. We will all know of the EU General Data Protection Regulation then.”

Richard Porter, UK Sales Manager at Human Inference:

“GDPR has primarily been viewed as a data security challenge, but overlooking data management concerns puts organisations at risk of falling foul of the new rules. To ensure compliance, there are five key data management principles to follow. First off, make sure that all data is stored appropriately. Data cannot be stored after it has served its initial usefulness, and must be removed promptly. Next, businesses need to give all customers access to their own data. When a legitimate request is made, they must provide ready, comprehensive access to all relevant information.

“It’s also critical to be able to amend inaccurate data; this means opening up the personal data to modification by consumers. A consumer also has the right to obtain the erasure of personal data. While this is only permitted under specific grounds, when a genuine request is made organisations need to act quickly. Last, but not least, organisations need to remember that the consumer has the right to transmit any personal data to another organisation without hindrance.

“The five principles highlight a single risk. If customers’ data is fractured and inconsistent, organisations will have less unified control, without which it will be much more difficult to meet GDPR demands. The aim should be to create a single ‘Golden Record’ for each customer: a unique overview that describes the individual’s personal details and any other contextual information in an easy-to-share format. If the organisation is confident there is no potentially sensitive data out of its control, then it will not only be compliant. It will also create a single view of the customer that can support smart data management across the business.”

Danielle Jackson, Chief Information Security Officer at SecureAuth:

“GDPR is a catalyst which will change the way organisations view, store and secure their data. For CISOs and their organisations, it means a new standard for data protection and ensuring the right policies are in place to ensure compliance. With the one-year countdown starting, CISOs need to talk to their organisation about introducing transparency to what data is being collected, how it is categorised and secured, and when personal information is exposed in a breach. Now is the time for CISOs to put good practices in place. Securing the user and how the user accesses data is a good starting point. With stolen credentials being the leading cause of breaches, and non-compliance with GDPR meaning a serious financial penalty, CISOs must find ways to combat that risk, reduce their threat landscape and strengthen overall security posture.”

Robert Coleman, CTO UK&I at CA Technologies:

“One year from today the GDPR will come into force and any organisation, anywhere in the world, that processes EU citizens’ personal data must comply with it. Compliance will be no mean feat for anyone, no matter their size, requiring vast amounts of time and resource. The first step to getting ready in time is to create a cross-functional programme of work containing representatives from Legal, IT, HR and Business Units. This is not just an IT problem!

“The GDPR introduces a move toward privacy by design, meaning that organisations will have to build safeguards into processes, such as testing and development, from beginning to end. Over the next 12 months, organisations must become accountable for the Personally Identifiable Information (PII) they hold. They need to know where it resides, how they can secure it (at rest and in-flight) and if they have a breach, how will they know about it? Organisations must also ensure data can be encrypted in production environments, masked and anonymised for use in development and test environments; and that access is controlled to PII data using Identity Management, Privileged Access Management and Strong Authentication techniques.

“The regulatory approach taken by the EU is all “stick” and no “carrot” and the penalty provisions for not fulfilling the detailed requirements are much more punitive than the currently active legislation. It remains to be seen how hard organisations that fall foul of GDPR regulations will be hit. But we can be sure that come May 2018, few excuses will be accepted for not having robust processes, technology and organisational structures for managing and securing personal or private data in place.”

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.