Wednesday, January 4, 2017

I'll do it tomorrow...

The report of the week

All of us, at some point in our lives, have used those four words that together form a phrase always present in the spirit of the lazy person. Whether it was at school, at university or at work, when we thought about that pending task we told ourselves: "Well, I still have time to send the report, I'll do it tomorrow..." Maybe it was the weekend, or you had plans with your partner, or that day you just wanted to lie on the sofa doing nothing. The problem comes when there are only a few hours left to send that report and you haven't started yet.

Well, it seems that these bad habits are very present in most companies. According to the latest report from Vanson Bourne, covered by Help Net Security, more than half of companies do not yet meet the minimum requirements of the General Data Protection Regulation (GDPR). Have they left the homework for tomorrow?

The study, which interviewed 2,500 business leaders from Europe, the United States and Asia, concludes that 54% of these organizations have not made progress in complying with the GDPR. This is alarming, since the law will enter into force on May 18, 2018.

This is like school homework. No one knows very well who has the responsibility to implement the changes needed to comply with the GDPR, which means a lack of preparation. Three out of ten interviewees believe that responsibility should fall to the CIO (chief information officer), while two out of ten believe that the person who should take charge of this work is the chief of computer security. It is surprising that only 1 in 10 participants think that the person in charge of implementing these changes should be the CDO (Data Manager).

On the other hand, it should be noted that only one-third are concerned about the repercussions of a poor security policy for their company's reputation, while less than half (40%) of interviewees are concerned about the possibility of a breach of the legislation.

One of the reasons this implementation is not being carried out is the risk of data fragmentation and loss of visibility, the main concern of more than a third of the study participants. This is combined with the fact that a quarter of their data is stored on unrecognized sites, which prevents IT departments from managing the data with known tools and makes the process difficult.

In addition, those responsible are concerned about risk factors, the one standing out over the rest being data loss by the company (52% of respondents). On the other hand, only 4 out of 10 managers are concerned that this loss of data could be caused by human error.

The lack of visibility into dark data and information held outside of corporate IT systems complicates compliance and exposes organizations to substantial financial and legal risk. These and other GDPR compliance failures carry a harsh financial cost for businesses: a maximum fine of €20 million ($22.3 million) or up to four percent of worldwide revenue, whichever is higher.

We would also like to highlight another study on predictions for 2017, which suggests that the New Year is not going to be free of attacks. That, coupled with the "new tricks" used in cyberspace to get sensitive information, makes a breach of the GDPR more worrisome.

While it is true that there is still a little more than a year to implement the GDPR, the results of the report are worrying and reflect a lack of information or awareness among organizations about the importance of data protection. Or maybe it's disinterest and laziness. Hopefully they will get down to work and not leave the subject pending for next year...
