News / UK firms less confident than U.S. counterparts with GDPR compliance
UK firms less confident than U.S. counterparts with GDPR compliance
16 May 2018 |
New research by Webroot has shed light on the preparedness of organisations based in the UK, the United States and Australia in adjusting to new data security measures and complying with their respective data security legislations.New research by Webroot has shed light on the preparedness of organisations based in the UK, the United States and Australia in adjusting to new data security measures and complying with their respective data security legislations.
A survey of 600 IT decision makers at mid-sized businesses with 100 to 499 employees in the U.S., the UK, and Australia revealed that even though 95 percent of such businesses believe stronger data protection policies, such as the GDPR which will take effect on May 25 and the Australian Notifiable Data Breaches (NDB) which came into effect on February 22, will lead to fewer breaches, only 42 percent are ready to comply with those policies.
IT decision makers in the UK not confident enough
At the same time, while nearly 99 percent of IT decision makers in the UK said their organisations are GDPR compliant, only 15 percent of them feel confident that their fellow employees are equipped to comply with GDPR. Only 18 percent of such decision makers were also not very confident about providing all information on EU citizens within one month of request. However, 95 percent of them did express some level of confidence in complying with such requests.
In contrast, 78 percent of IT decision makers in the United States feel confident that their fellow employees are equipped to comply with data security regulations, and 19 percent of them from Australia feel the same way.
A survey of 406 cyber security professionals commissioned by Tripwire and carried out by Dimensional Research in November last year had also revealed that only 18 percent of all organisations were fully ready to abide by the 72-hour breach notification window as mandated by the GDPR.
Despite the lack of readiness, 77 percent of cyber security professionals expressed confidence that their organisations could meet the 72-hour deadline once GDPR comes into effect. 24 percent of them went so far to state that they could notify customers of a data breach within the first 24 hours, let alone 72 hours.
In both cases, confidence expressed by IT decision makers in complying with GDPR requirements in the UK is not in sync with their relative preparedness. However, the survey revealed that despite the gap in 'perceived readiness' and 'real-time readiness' of organisations in complying with the 72-hour breach notification window, organisations were comparatively better placed when it came to storing and handling customer data.
"While it doesn’t come as much of a surprise that each respective country is focused on its own citizens’ data, organisations have to remember that in a global marketplace, their business impacts citizens beyond their own borders. We’re focused on offering our managed service partners solutions such as user training and endpoint protection to comply with the global regulations aimed at keeping data safe," said Megan Shields, Data Protection Officer at Webroot.
Latest posts by Jay Jay (see all)
- Classified Ministry of Defence data lost to 37 cyber incidents in 2017 - 16th October 2018
- Facebook’s access token breach impacted 30 million user accounts - 15th October 2018
- Dropbox: most impersonated company for phishing attacks in first half of 2018 - 12th October 2018
- UK ratifies Convention 108 that safeguards personal data at international level - 12th October 2018
- DHSC reveals WannaCry ransomware attack cost the NHS £92 million - 11th October 2018