
Survey: Orgs Confess to Myriad GDPR Compliance Misses

A recently published Forrester survey commissioned by Microsoft details the many ways that organizations are failing to comply with the European Union's General Data Protection Regulation (GDPR), which took effect in mid-2018.

The GDPR privacy law, with potential fines of €20 million or 4 percent of an organization's annual global revenue, whichever is greater, became legally enforceable on May 25, 2018. While the GDPR is the law in the European Union, it applies worldwide to any company that handles EU residents' data.

The Forrester study, "Security Through Simplicity," included survey responses from 481 IT security decision makers on a variety of topics, including GDPR compliance. The survey was initiated in August and completed in September. According to the survey results, over half of respondents said that their organizations had not carried out the following GDPR compliance steps:

  • Vetted third-party vendors (62 percent)
  • Hired personnel to serve as data protection officers (60 percent)
  • Collected evidence of having addressed GDPR compliance risks (59 percent)
  • Implemented "privacy by design" principles (57 percent)
  • Trained business personnel on GDPR requirements (57 percent)
  • Allocated budget to address GDPR readiness (56 percent)
  • Set up preparations for the "72-hour data breach notification requirement" (55 percent)

Those admissions came from "353 IT security decision makers in the US, Canada, the UK, Germany, Brazil, Japan, Australia, and New Zealand who prioritize digital transformation efforts," according to the study. The December study included results with response counts that varied between 481 and 353.

The respondents mostly (47 percent) represented smaller organizations, namely those with between 1,000 and 4,999 employees.

The GDPR segment was just a small part of the study. The study mostly made the case that organizations should want to achieve so-called "digital transformation," where organizations need to support users across various platforms, both internally and externally. This digital transformation goal, though, can increase complexity. Forrester concluded that the organizations that were best prepared to reach digital transformation while also ensuring security were the ones that could modernize their operations and consolidate their use of vendors.

"Consolidating digital operations within fewer modernized systems -- allowing for identity management, data security, and threat protection across hybrid environments -- is the key to overcoming complexity," the study contended.

However, the study found that just 11 percent of the organizations represented in the survey had adopted that sort of consolidation and modernization approach as a critical priority.

Vendor consolidation and modernization would also help organizations meet GDPR requirements, by a margin of between 6 and 20 percentage points, the report contended based on the survey results.

In addition to embracing vendor consolidation and modernization, Forrester recommended that organizations take a security-by-design approach to operations. They should expand their data analytics capabilities by combining security information and event management (SIEM) solutions with Big Data and user behavior information, along with network analyses. They should clamp down on "shadow IT" operations and simplify security for end users via multifactor authentication and biometric sign-ins, among other such details.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
