
Heading towards the perfect storm: More than half of UK businesses are still not fully GDPR compliant according to Egress survey


Findings reveal that 37% of respondents have reported an incident to the ICO in the past 12 months, with double the amount being reported from mid-sized organisations versus larger enterprises.

London, UK, 11th September 2019: A survey of UK GDPR decision-makers conducted on behalf of Egress, the leading provider of people-centric data security solutions, has revealed that 52% of businesses are not fully compliant with the regulation, more than a year after its implementation.

The survey also found that 37% of respondents had reported an incident to the ICO in the past 12 months, with 17% having done so more than once. Interestingly, the results showed that over half (53%) of mid-size companies had reported data breaches to the ICO in the past 12 months, compared with 36% of small companies and only 23% of enterprise organisations*. Similarly, a notably lower percentage (39.5%) of mid-sized companies reported full GDPR compliance compared with 56% of large and 51% of small companies. Taken together, these figures indicate an evident gap in compliance performance among mid-size companies.

Other key survey findings include:

• Only half of decision-makers (48%) reported that their business was fully compliant
• 42% rated their organisation as ‘mostly compliant’
• Over one-third (35%) said GDPR has become less of a priority for their organisation in the last 12 months
• Implementing new processes around the handling of sensitive data has been the greatest area for compliance investment in the last 12 months, cited by 28% of those surveyed
• Compliance investment priorities were then split across better auditing of what data is collected and why (18%), employment of a Data Protection Officer or other compliance personnel (18%), and new technology (17%). 7% said user education and training had been their biggest area of investment.

A lessening focus on GDPR in the last 12 months
A significant proportion (35%) of GDPR decision-makers said that the majority of compliance activity had taken place in the lead up to the May 2018 deadline and had since dropped down the priority list and remained less important. Only 6% said that the ICO’s recent high-profile announcements of its intention to fine British Airways and Marriott had subsequently shocked the business back towards greater awareness. While 70% of decision-makers surveyed said that their organisation felt very positively about GDPR, less than two thirds (62%) said their business had made GDPR a top priority over the past year.

Tony Pepper, CEO, Egress comments: “Since the rush to meet last May’s deadline, we now appear to be seeing an ‘almost compliant is close enough’ attitude towards GDPR, with a significant percentage of decision-makers indicating that focus has waned in the past 12 months. The wait of more than a year between implementation and the first action taken by the ICO under GDPR seemed to lead to a perception outside the security industry that the regulation was ‘all bark and no bite’. Although the authority’s announcement that it intends to fine British Airways and Marriott such staggering sums sent shockwaves through the security community, it is concerning only 6% of organisations have taken action to avoid the full potential of the legislation. These announcements should definitely have acted as a clearer warning that organisations cannot risk compliance complacency.

“This is important for businesses in the small and mid-market segments, where our survey found lower compliance levels being reported. Although the ICO’s action to date has focused on two well-known enterprise organisations, GDPR demands compliance from businesses of all sizes and they need to take all necessary steps towards protecting data.”

Overcoming human error to tackle data breaches
When asked about their single greatest area of compliance investment, decision-makers chose:
• Implementing new processes around the handling of sensitive data (28%)
• Better auditing around what data we collect and for what reasons (18%)
• Employment of a Data Protection Officer or other additional compliance staff (18%)
• New technology (17%)
• Implementing new procedures around incident reporting (8%)
• End-user education and training (7%)

Yet despite these investments, over one-third of respondents (37%) have reported at least one incident to the ICO in the last 12 months. According to analysis of ICO data**, 60% of security-related personal data breach incidents in the first six months of 2019 were caused by human error.

Pepper adds: “The majority of respondents (96%) acknowledged their organisation has made investments in GDPR compliance in the last 12 months, with implementing new processes the most common top priority. Yet despite this, we continue to see data breach incidents being reported and we know from the ICO that the primary cause is human error – so clearly strategies need to shift if we are going to turn the tide against data breaches. Reliance on people to follow processes and protect data is only going to get organisations so far: people are always going to make mistakes or behave unexpectedly, and more must be done to provide a safety net that protects sensitive information.

“It’s positive to see that almost one-fifth (17%) of respondents are looking to technology as a way to mitigate breaches, but they must ensure these solutions tackle human error as the root cause of many of these incidents. They must look to the latest advances in security and DLP technology that can map a user’s behaviour to prevent the array of mistakes that put data at risk – from falling for phishing attacks that can lead to malware or stolen credentials, to misdirecting emails or attaching the wrong documents. GDPR is here to stay, and we’re only going to see more companies penalised for data breaches unless we’re able to overcome these issues.”

* Small companies = 1-249 employees
Mid-size companies = 250-999 employees
Large companies = 1000+ employees

** ICO figures reference data from the ICO’s ICE360 systems obtained via a Freedom of Information request asking for details of data breach incidents or losses (data protection cases) with natures that reflect a Principle 7 or ‘security’ angle under the Data Protection Act or principle (f) under the General Data Protection Regulation, from 1 January 2019 – 20 June 2019.
