Imperva, a leading provider of best-in-class cybersecurity solutions on-premises, in the cloud and across hybrid environments, has announced the results of a survey conducted at the Infosecurity Europe trade show.
It revealed that 28% of organisations do not feel completely compliant with the European Union’s General Data Protection Regulation (GDPR).
The deadline to be compliant with GDPR was May 25. However, when asked whether they thought they would pass their first GDPR audit, less than half of the respondents said they were very confident they would pass the audit, over one-third were somewhat confident and less than one-fifth said they were not confident.
“The deadline has now come and gone, yet the study shows that many organisations aren’t sure they have achieved GDPR compliance,” said Terry Ray, CTO of Imperva. “Any company that put GDPR off until the last minute now realises compliance cannot be achieved overnight. It does not surprise me that many organisations feel unsure about the idea of a GDPR audit. The truth is many would fail.”
To assess personal data rights, the survey asked if respondents knew where all users’ personal data resided on their systems.
More than a third of respondents said they did know the location of the data while more than half said they would need an extra three months to get their house in order.
Conversely, almost 90% said they could easily respond to requests from individuals asking to disclose the information they hold on them with 57% saying their organisation had already received such a request.
As part of its efforts to keep customers’ data and applications safe from cybercriminals, Imperva provides data discovery and classification tools, user access controls, data masking, data breach detection, data transfer controls and other data compliance solutions that can assist organisations in their GDPR compliance efforts.
Commenting on the findings, Tony Richards, Group CISO at Falanx Group, said: “The results don’t surprise me as an indication of the state nationally. Organisations do seem fairly polarised on GDPR, with many businesses, especially SMEs, either ignoring it or buying some basic policy packages peddled by ‘GDPR experts’ and thinking that they are covered.
“On the other hand, you have organisations who are either using qualified consultants or investing internally to ensure that they are compliant. I think it boils down to whether the organisation, culturally, is customer-centric and therefore they see value in protecting their customers privacy, or if they see it as a compliance issue with the bare minimum to be done, if at all.”
Click below to share this article
