The General Data Protection Regulation (GDPR) is fast approaching with the May 2018 deadline just a short 9 months away, and yet one in five senior executives remain the dark about GDPR and its implications. The GDPR will apply to any organization that handles the personal data of European Union or UK residents, requiring an unprecedented level of compliance from non-EU firms, and yet even within the UK, awareness and readiness for the GDPR remain low.
Only 6% of Boards in the UK describe their business as prepared for the GDPR, according to the July 2017 Cyber Governance Health Check Report, while awareness remained mixed. 15% of organizations reported only slight awareness with GDPR, while 82% reported being somewhat to very aware. The report indicated that most Boards only occasionally give consideration to GDPR, despite the lack of readiness with GDPR requirements. Earlier this year, a survey found that one in four UK businesses cancelled their GDPR preparations, mistakenly believing they wouldn’t have to comply after Brexit.
This month, the UK Department for Digital, Culture, Media & Sports (DCMS) published its Statement of Intent outlining its preparation for the GDPR though its own Data Protection Bill, which will bring the EU law into UK domestic law and adds additional data protection rules and derogations from GDPR including ,”the concept of “privacy by design and default” to give citizens the right to know when their data has been released and a clear right of redress. From an awareness perspective, the presence of the Data Protection Bill further adds to the confusion about GDPR, with organizations now needing to prepare for two mostly identical pieces of legislation. While the Data Protection Bill could get held up before the May 2018 deadline, it remains important for all organizations dealing with EU and UK data to continue to prepare for GDPR.
The GDPR drives home some new strict rules for data regulations that require many organizations to up their data protection measures or face strict enforcement actions. With the cost of non-compliance set at an astronomical 4% of global annual revenue – not to mention damage to reputation – the time to protect yourself is now.
The short timeframe required to meet the new data protection requirements requires that organizations begin now to prepare for the GDPR to avoid hefty fines. With stricter notification windows and greater levels of data accountability, organisations must have a complete understanding of how they collect data, where it’s stored and how it’s managed in order to remain compliant. We like to think we have a handle on the sensitive data in our organizations, but with endpoint and cloud devices, that data now spreads far and wide. Businesses cannot afford devices that ‘go dark’ – they need complete visibility into endpoint assets at all times so they can identify suspicious activity and take action – whether a device is connected to the corporate network or not.
Absolute has been working with global organizations to prepare for the GDPR, deploying the latest innovations in the Absolute Platform, including Absolute Reach and Application Persistence, to ensure data and business-critical applications have the resiliency they need to self-heal when they fall out of a state of health. With the always on protection of Absolute Persistence technology, currently deployed to over 1 billion endpoint devices, organizations can rely on zero-touch remediation in the event of failure, attack or human error and greater control to stop endpoint devices from becoming a gateway to a damaging and costly data breach.
Experts have suggested that GDPR will apply to almost every organization. Learn the steps you can take now to prepare by visiting Absolute.com/GDPR
The information in this blog post is provided for informational purposes only. The materials are general in nature; they are not offered as advice on a particular matter and should not be relied on as such. Use of this post does not constitute a legal contract or consulting relationship between Absolute and any person or entity. Although every reasonable effort is made to present current and accurate information, Absolute makes no guarantees of any kind. Absolute reserves the right to change the content of this post at any time without prior notice. Absolute is not responsible for any third party material that can be accessed through this post. The materials contained in this blog post are the copyrighted property of Absolute unless a separate copyright notice is placed on the material.