Although 46 Percent of Global Organizations Received Customer Requests to Remove Data in Last 12 Months, 41 Percent Lack Defined Processes, Documentation & Technology, According to Blancco Technology Group Study
To kick off the formal ratification of the EU General Data Protection Regulation by the European Council in early 2016, Blancco Technology Group today released its new data privacy study, EU GDPR: A Corporate Dilemma. Based on a survey of over 500 global IT professionals across more than 20 types of businesses, the study indicates that organizations lack defined processes, documentation and technology to adequately address the “right to be forgotten” and require major overhauls of their data collection and removal programs to ensure EU GDPR compliance. Although 46 percent of global IT professionals received customer requests to remove data in the last 12 months, 41 percent said they do not have defined processes, documentation and technology/tools for data removal.
“Because the EU GDPR negotiations stretched on for the last four years, many organizations held out hope that an agreement would be postponed, or if things went the way they hoped, the negotiating parties would never come to agreement,” said Pat Clawson, CEO of Blancco Technology Group. “But now that the EU GDPR is a reality and the new privacy rules will be ratified by the European Council in early 2016, many organizations have a considerable amount of work ahead of them to align their IT governance and data protection programs with both regulatory and customer demands.”
Key corporate security trends that surfaced from the study include:
- While awareness of GDPR is high (48 percent) among global IT professionals, their level of preparation is much lower. 40 percent admit to being less than fully prepared – with 16 percent still needing to find the right data removal software, 9 percent uncertain of how and where to start, and finally, 15 percent not even knowing if they are prepared.
- Lack of documentation, processes and tools increases the likelihood of GDPR violations. 60 percent of the surveyed IT professionals stated that it would take their organization up to 12 months to implement the necessary IT processes and tools to pass a “right to be forgotten” audit, while 25 percent do not know how long it would take.
- Data erasure software (48 percent) tops the list of the most valuable type of technology to ensure GDPR compliance, followed by encryption key removal tools (26 percent) and malware removal tools (10 percent).
- IT professionals inside and outside of Europe (65 percent) are keen to implement data protection laws similar to the framework of EU GDPR.
Clawson concluded, “If organizations want to be ready for GDPR compliance by 2018, they will need to assess their current weaknesses. Once they have done so, they will need to develop end-to-end data lifecycle management processes, create transparent processes and customer communications regarding their data removal methods/tools, and finally, improve their security posturing as a whole to include detection and response and the gathering and sharing of threat intelligence.”
Due to the stringent requirements and penalties imposed by the new law, companies are advised to follow a 12-step action plan to fully prepare for compliance by 2018.
About Blancco Technology Group
Blancco, a division of Blancco Technology Group, is the global de facto standard in certified data erasure. We provide thousands of organizations with an absolute line of defense against costly security breaches, as well as verification of regulatory compliance through a 100% tamper-proof audit trail.
SmartChk by Xcaliber Technologies, a division of Blancco Technology Group, is a global innovator in mobile asset diagnostics and business intelligence. We partner with our customers to improve their customers’ experience by providing seamless solutions to test, diagnose and repair mobile assets. SmartChk (or Xcaliber Technologies) provides world-class support, pre and post implementation, allowing our customers to derive measurable business results.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.