Digital Marketing Solutions Summit | Forum Events

Posts Tagged: GDPR

Two thirds of UK firms won’t be GDPR compliant by May 25

New research says UK companies are massively ill-prepared for this week’s General Data Protection Regulation (GDPR) enforcement deadline.

Less than a third (29%) of organisations surveyed by USB drive specialist Apricorn felt confident they would comply, and when asked whether there were any areas in which they might be likely to fail, 81% could think of some area of the new requirements that might cause them to fail when it comes to GDPR compliance.

Fifty per cent of organisations who know that GDPR will apply to them admit that a lack of understanding of the data they collect and process is their number one concern relating to non-compliance.

On top of this, almost four in ten (37%) believe they are most likely to fail because of gaps in employee training, and almost a quarter (23%) say their employees don’t understand the new responsibilities that come with the GDPR.

While one in ten still regard the GDPR as a mere tick box exercise, a substantial proportion do view it as being of some benefit to their organisation – for example 44% agree that the new regulation is a welcome opportunity to overhaul their organisation’s data handling and security processes.

The most commonly taken step so far, for those who say they will be at least somewhat prepared for the GDPR, is to review and update their security policies for mobile working (67%). However, 30% still worry they could fail to comply due to mobile working, and almost a quarter (22%) of respondents are concerned they may fail due to a lack of encryption.

“Data or personally identifiable information (PII) is at the heart of GDPR and mapping and securing it should be every organisation’s number one priority. By now, all employees, from the top down, should have an understanding of the importance of GDPR and the role they play in keeping this data safe,” said Jon Fielding, Managing Director, EMEA Apricorn. “While we know that many organisations have provided some form of employee training, clearly in some cases this hasn’t been effective and organisations should address these gaps urgently.”

Firms still not ready for GDPR with less than 3 weeks to go

Only 6 in 10 company directors say they are confident their organisation will be ‘fully compliant’ with new data protection laws set to come in later this month, a new survey from the Institute of Directors reveals.

The poll of 700 bosses shows many businesses remain unprepared for the changes with just three weeks to go until GDPR comes into force.

Business leaders’ confidence in their preparations has declined over the past six months as the sheer scale of the regulations has come into view. Many business leaders are also less sure about how the new rules will affect their firms, with around 40% reporting they are not confident about, or are unsure of, how GDPR will impact their company.

In preparing for the reforms, businesses were most likely to turn to external private advisors, business membership organisations, such as the IoD, and the Information Commissioner’s Office (ICO) for guidance. The IoD has so far directly assisted over a thousand of its members, providing guidance and template policies.

The new laws predominantly impact how businesses engage with customers and clients. However, directors also report that GDPR compliance is affecting processes in HR and IT, as well as their governance practices.

“GDPR has been a long time coming for businesses, but it is only proving more formidable as the deadline looms and companies drill down into the detail. The regulator has assured small businesses that there will not be a sudden inquisition once the rules enter into effect, but with such large penalties for non-compliance, firms must assess what they have to do to avoid falling foul of the legislation, and they must do so soon,” said Jamie Kerr, Head of External Affairs at the Institute of Directors.

“While the regulations may be burdensome, the overriding impulse amongst company directors now is simply to follow the rules. However, SMEs, who are facing a whole host of competing priorities and generally cannot rely upon dedicated compliance teams, are still finding it difficult to digest the sheer scale of the legal changes.

“The Government’s immediate priority should be to ensure the ICO has the resources it needs to make a big final push to assist small businesses in the run up to this month’s deadline”.

60% of UK businesses won’t be ready for GDPR deadline

A new report by Crowd Research Partners has revealed that only 40 per cent of organisations are either GDPR compliant or well on their way to compliance by the May 2018 deadline.

The report highlights the lack of GDPR expertise and an overall underestimation of the effort required to meet GDPR, which represents the most sweeping change in data privacy regulation in decades.

The key findings of the study include:

  • A whopping 60% of organisations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to meeting the compliance deadline.
  • While 80% confirm GDPR is a top priority for their organization, only half say they are knowledgeable about the data privacy legislation or have deep expertise; an alarming 25% have no or only very limited knowledge of the law.
  • The primary compliance challenges are lack of expert staff (43%), closely followed by lack of budget (40%), and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.
  • Approximately a third of surveyed companies report that they will need to make substantial changes to data security practices and systems to be in compliance with GDPR. The highest ranked initiative for meeting EU GDPR compliance is to make an inventory of user data and map it to protected EU GDPR categories (71%), followed by evaluating, developing, and integrating solutions that enable GDPR compliance.

The 2018 GDPR Compliance Report has been based on a comprehensive online survey of IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn, and has been produced in partnership with Alert Logic, AlienVault, Cavirin, Data443, D3 Security, Haystax Technology, and Securonix.

Average spend on GDPR compliance ‘tops $1.5 million per global organisation’

An EfficientIP X-Day study says average spend on GDPR compliance tops $1.5 million per global organisation, with less than 100 days to go before the deadline for EU GDPR compliance on 25th May this year.

EfficientIP, through independent market research firm Coleman Parkes, asked over 1,000 companies worldwide about their preparation plans for GDPR. Among the key findings were:

  • Over two-thirds of global businesses (72%) are confident they will have all required GDPR compliance processes in place by 25th May 2018.
  • North America is the most confident region in the world, with 84% of American and 75% of Canadian organisations saying they will be prepared.
  • Despite the on-going Brexit negotiations and uncertainty looming over the enforcement and effectiveness of the EU GDPR regulation on local businesses, the UK is the most confident nation in Europe, with 74% saying they will be ready by deadline day.
  • In comparison, Spanish businesses are a close second to the UK at 73%, dropping to 66% of French respondents. German organisations are the least confident in Europe at 61%.

Businesses worldwide believe there will be a variety of benefits they will gain from being GDPR compliant. Nearly half of all organisations surveyed, at 46%, say the most important benefit from being GDPR compliant is gaining customer trust to handle sensitive data.

31% of businesses believe the most important value from compliance is enhanced brand awareness. 18% of respondents felt that increased customer loyalty is the most important benefit of GDPR compliance.

APAC, North America and Europe businesses believe the biggest positive impact from compliance is increased trust in handling customer data at 53%, 46% and 41% respectively.

European organisations lead the study in saying increased customer loyalty is the biggest impact at 22%, with North America and APAC following at 15% and 14% respectively.

On average, global organisations have so far spent $1,583,000 (£1,145,000) on GDPR compliance. Globally, European businesses have spent the most on average on compliance with Germany leading at $1,969,000 (£1,424,000), followed by the UK with $1,798,000 (£1,300,000), with France completing the top three at $1,781,000 (£1,288,000).

The USA and Singapore top regional spending in North America and APAC, investing $1,568,000 (£1,134,000) and $1,521,000 (£1,100,000) respectively on average. Small and medium businesses have spent on average $1,263,000 (£893,000) so far on compliance, whereas large businesses have spent up to $5 (£3.5) million on compliance.

A key element in EU GDPR is for businesses to provide adequate data protection. In response to this regulatory requirement, 38% of global organisations are convinced that better monitoring and analysis of DNS traffic is the best option to provide data protection in their networks, whilst 35% think securing network endpoints is best and only 21% choose to add more firewalls.

EfficientIP says this shows organisations are finally realising, after the various successful data breaches over the last year, that firewall technology is no longer adequate.

APAC, North America and European organisations are confident in DNS monitoring and analysis technology at 40%, 37% and 36% respectively.

Commenting on the study figures, Herve Dhelin, SVP Strategy at EfficientIP, said: “As organisations enter the final straight of GDPR compliance with 100 days to go, our research shows they have never been so close to regulatory compliance. There is still some work to do, but it is encouraging to see nearly three-quarters of businesses are ready and most organisations see monitoring and analysis of DNS traffic, not firewalls nor endpoints, is the best way of preventing data breaches.”

A quarter of UK consumers eye up potential GDPR compensation pay-outs

A survey of 1,000 UK consumers suggests that around half (52 per cent) would make a request if they suspected their personal information was being held without their consent.

According to the data from Macro 4 and MaruUsurv, 39 per cent would consider doing it just because they are curious to see what data companies are holding about them; and 26 per cent would make a request if there was a chance of compensation – which is possible if the rules were not being followed or their privacy was being breached, for example.

17 per cent would make a request in order to ‘get back’ at companies who had given them a negative experience.

In fact, only seven per cent of UK consumers would not be interested in seeing the personal information companies are holding about them, according to the survey.

As such, the research indicates GDPR requests will pose a challenge for organizations, both because personal data now includes so many different types of information and because it is difficult to predict just how many requests to prepare for.

Lynda Kershaw, Marketing Manager at Macro 4, said: “Personal information can be anything that is identifiable to an individual: everything from contact details, date of birth and credit card numbers, to information within emails and social media conversations, letters, bills and policy documents. Much of this is unstructured information held in separate systems controlled by different business departments and cannot be pulled together at the snap of your fingers.

“And things get even more complicated if you’re an online or ecommerce business that tracks people’s online behavior – such as the web pages they visit and ads they click – for marketing purposes. Under the new rules, cookies, IP addresses and other online identifiers all count as personal data. You need to explain exactly how you are using this kind of information, and be able to respond to customer queries about it, too.”

62 per cent of the survey sample said they want stricter rules surrounding data collected about people’s online behavior (sites they visit, ads they click and purchases they make). The GDPR takes account of this by classifying online identifiers such as computer IP addresses as personal information.

Surprisingly, with over six months to go before the GDPR takes effect, the research suggests that 66 per cent of consumers already have some awareness of the regulation. 43 per cent say they want to see bigger fines for companies who are not following data protection rules.

While tough financial penalties are expected for failing to comply with the GDPR, experts believe companies should also be concerned about compensation litigation, which could mimic the activity that has grown around Payment Protection Insurance (PPI) compensation pay-outs.

This supposes that hundreds or thousands of individuals could be brought together by law firms to mount ‘no-win, no-fee’ class actions against organizations who have not adhered to the new data privacy regulation.

Other findings of the Macro 4 research include:

  • 42% of consumers find it difficult to keep track of personal information they have consented to organizations collecting
  • 41% would be more likely to use a company that made it easier to understand what personal information they are holding and how it will be used
  • 31% want companies to provide discounts, special offers and other incentives in exchange for their personal information

For more background on the survey results download Macro 4’s accompanying report ‘The GDPR: what consumers think’ at: http://www.macro4.com/the-gdpr-what-consumers-think.

Mind appoints PSONA to help tackle GDPR issues

Mental health charity Mind has appointed customer engagement agency PSONA to deliver a campaign to ‘educate and empower’ its supporters, assisting them in being able to opt-in to Mind’s communications.

Under the new GDPR directive, pre-ticked boxes to give implied consent will no longer be accepted, forcing charities such as Mind to rethink how they contact donors and potential supporters.

Failure to comply with GDPR rules can bring fines of up to 20 million Euros, or 4% of annual revenue, whichever is higher.

“As the changes around GDPR draw nearer, we wanted an agency with strong credentials and experience to help take us through it,” said Annabel Davis, head of communications and marketing at Mind.

“Mind only exists because of the amazing support of people who donate, fundraise, speak out on mental health, and give up their time to volunteer for us or tell us how to improve,” added Davis.

Only 6% of UK firms fully prepared for GDPR

Britain’s top firms and charities urgently need to do more to prepare for General Data Protection Regulation (GDPR), according to new Government research.

The findings were part of the FTSE 350 Cyber Governance Health Check – the UK Government’s annual report providing insight into how the UK’s biggest 350 companies deal with cyber security.

The Government will soon be introducing its new Data Protection Bill to Parliament. With this coming into effect next May, implementing the General Data Protection Regulation (GDPR), the report for the first time included questions about data protection.

The new data protection law will strengthen the rights of individuals and provide them with more control over how their personal data is being used.

The report found:

  • Awareness of GDPR was good, with almost all firms (97 per cent) aware of the new regulation
  • Almost three quarters (71 per cent) of firms said they were somewhat prepared to meet the GDPR requirements, with only 6 per cent being fully prepared
  • Just 13 per cent said GDPR was regularly considered by their board
  • 45 per cent of boards say they are most concerned with meeting GDPR requirements relating to an individual’s right to personal data deletion

The Information Commissioner’s Office has produced guidance for organisations on implementing the regulation, including a checklist for businesses on the actions they need to take; and a series of interactive workshops and webinars.

The ICO will also produce guidance for organisations about their responsibilities under the GDPR and for individuals on their rights under the GDPR.

The Department for Digital, Culture, Media and Sport will continue to work closely with the Information Commissioner’s Office (ICO) during this transitional period.

The FTSE 350 Cyber Governance Health Check is carried out in collaboration with the audit community, including Deloitte, EY, KPMG and PWC.