Are businesses prepared?
Many businesses don't have any plan what to try to to and do not wish to understandthe nettle," says Mark Thompson, a partner in KPMG's privacy consultive follow.
"There's loads of information and panic around at the instant, however if businesses do not take responsibility for this at board level they'll fail.
"This can have an effect on each half their business."
And Chris Daly, chief government of the leased Institute of promoting, says: "There may be a real lack of awareness regarding this issue in our sector - hour thought it would nothave an effect on their business in the least."
"There's loads of information and panic around at the instant, however if businesses do not take responsibility for this at board level they'll fail.
"This can have an effect on each half their business."
And Chris Daly, chief government of the leased Institute of promoting, says: "There may be a real lack of awareness regarding this issue in our sector - hour thought it would nothave an effect on their business in the least."
GDPR specialist EMW Law believes just 29% of UK businesses have begun preparing for the change, "a shocking figure, as on average organisations need 12-15 months to prepare", the firm says.
With cyber-attacks on the rise and growing in sophistication, data breaches are becoming almost inevitable. So will your firm be able to demonstrate that it took all reasonable steps to protect personal data from this threat?
Will it be able to show that it reported any breach within the 72-hour window following discovery?
What should they be doing?
One of the reasons many businesses seem unprepared for GDPR is that they don't know enough about the data they hold, argues Rashmi Knowles, European chief technology officer at security firm RSA.
"A lot of companies don't even know where their data is, how it is being used, or what policies are in place governing how it can be used," she says.
So the first and most important task is to carry out a comprehensive data audit and make sure the top brass are fully behind this.
More Technology of Business
- The 'Babypod' carrier that comes with an F1 pedigree
- Why your bananas could soon cost more in the afternoon
- Ant power: The bus that runs on formic acid
Research by Sharp finds that a quarter of workers interviewed admitted to storing work information in the public cloud against company policy, two-fifths use their own devices at work, and a third take work home with them.
All these practices are potential security weaknesses.
Personal data - from customer databases to employee payroll information - may well be insecure without your firm even knowing it.
But ignorance of this will be no excuse under the GDPR.
What about sharing data?
"There are hundreds of thousands of documents online that shouldn't be publicly available," says James Chappell at security company Digital Shadows.
"Supply chains are often not looking after customer data properly."
And this is a point many companies are overlooking, warns Mr Lee.
No comments:
Post a Comment