GDPR: A Well-intentioned Concept Hits the Realities of Implementation

75% of Organizations Will Struggle to Meet EU GDPR Regulations by Deadline, Survey Finds

Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, released findings today from an independent survey probing attitudes towards the EU General Data Protection Regulations (EU GDPR), due to come into effect one year from today.

The survey, which polled 500 IT decision makers in the UK, Germany, France and the U.S., reveals that 75% of organizations indicate they will struggle to be ready for the deadline.  An additional 42% say that it’s not a priority for their businesses, despite the threat of fines which could cost companies up to 4% of global turnover or €20 million (whichever is greater).

Over 90% of respondents see challenges complying with GDPR by the deadline. Among the top three challenges:

• 55% say they are challenged to meet Article 17, the “Right to be forgotten,” where they must discover and target specific data and automate removal when requested by the consumer.
• 52% face challenges to identify personal information on their systems, understand who has access to it and who is accessing it, and know when this data can and should be deleted according to Article 30, records of processing activities.
• 50% struggle with Article 32, the security of processing, which means organizations must ensure least privilege access, implement accountability via data owners and provide reports that policies and processes are in place and successful.

“Almost one third of respondents have not conducted a data impact assessment in order to determine who has access to personal data according to Article 35 of the regulation. This means that they don’t have a handle on where their most sensitive data resides,” said Brian Vecci, Technical Evangelist at Varonis. “You can’t catch what you can’t see, and if organizations aren’t assessing their data risk profiles now, how do they know they’re protecting their data from a breach today let alone meeting these regulations in one year’s time?

In the 2017 Varonis Data Risk Report, 47% of organizations had 1,000 or more sensitive files accessible to every employee in the organization — this includes sensitive personal information. GDPR means that it’s more critical than ever to know your data. Where is your sensitive data stored? Who is accessing it? Who should be accessing it?”

Other interesting findings include:

• The top GDPR benefits organizations expect include knowing the location of personal information on their network (47%) and a reduction in the likelihood that their organization will experience a high profile data breach (44%).
• The top expected drawbacks include increased costs (38%) and added complexity (32%).
• There was a global consensus that the banking and financial sectors were most likely to receive the first fines should they experience a data breach (34% overall, and top selections in each country).
• Just over two thirds (68%) of respondents agree that an organization from the UK will be made an example of should they breach any part of the EU GDPR, as a result of Brexit.
• German regulators are expected to be the most rigorous in holding companies in breach of the regulations to account, followed by the UK and then French regulators.

The independent survey on attitudes towards GDPR was commissioned by Varonis and carried out by Vanson Bourne. Respondents were 500 IT decision makers of organizations with 1,000+ employees comprised of 100 respondents each in the United Kingdom, France and Germany and 200 in the United States.  The survey was conducted between 17^th April and 9^th May 2017.

Read the full survey findings: www.varonis.com/GDPR-survey-2017.  Varonis Offers Free Online Course by Troy Hunt to Help Organizations Build a GDPR Attack Plan

About Varonis
Varonis is a leading provider of software solutions that protect data from insider threats and cyberattacks. Through its innovative Data Security Platform, Varonis allows organizations to analyze, secure, manage, and migrate their volumes of unstructured data. Varonis specializes in file and email systems that store valuable spreadsheets, word processing documents, presentations, audio and video files, emails, and text. This rapidly growing data often contains an enterprise’s financial information, product plans, strategic initiatives, intellectual property, and confidential employee, customer or patient records.

IT and business personnel deploy Varonis software for a variety of use cases, including data security, governance and compliance, user behavior analytics, archiving, search, and file synchronization and sharing. With offices and partners worldwide, Varonis had more than 5,500 customers as of March 31, 2017, spanning leading firms in financial services, healthcare, public, industrial, insurance, energy and utilities, media and entertainment, consumer and retail, technology and education sectors.

Source:  Varonis.com