NTT Security’s £2017?Risk: Value report brought to light some troubling’statistics ahead of 25 May 2018 the deadline for data compliance suggesting?one in five bosses were unsure whether GDPRApplied to their company.
Essentially, any data that can be used to identify a person, spanning?gender, culture, even IP addresses and biometric verificationsAre considered personal. And if you’re in the business of using such data then you need to be GDPR compliant.
So there’s a lot to take into account, making the’statistics unveiled in NTT’s?1,350-respondent strong survey worrying?given?that the legislation applies to any companyin the world holding or collecting data from those livingin Europe.
“The fact bosses do not know and thus haven’t done their research means there is no plan of action in place,” Linda McCormack, vice president UK & Ireland at NTT Security, said. “While our respondents are not in an IT function, they should still be aware of any new compliance regulations affecting their company’s security and data, especially as the implications of non-compliance are very serious.
“Many see it as a costly and time-consuming exercise that delivers little or no value to the business, yet without it, they could find themselves losing customers, or having to pay very large regulatory fines.
Indeed,”fines could be up to”four per cent of total global annual turnover or £20m, whichever is greater. But companies could stand to loose much more if data compliance isn’t met.
According to NTT, hacked UK companies that?don’t follow GDPR procedure could face anestimated drop in revenue of 9.45?per cent. Some 64?per cent of survey respondents even claimed it could lead to a loss of customer confidence, as well as damaged reputation (67?per cent).
Despite this, only?47?per cent report that preventing a security attack is a regular boardroom agenda item. And while 65?per cent have an incident response plan in place, only 44 per cent are aware of what itentails.
But of more concern, however, was that 39 per cent thought data compliance didn’t concern their business?” the lowest percentageAmong the 11 analysed European countries.
McCormack explained:?“In theory, UK organisations should be well ahead of the curve when it comes to the EU GDPR, given that it is a European data protection initiative. Brexit is no excuse, as Britishcompanies will still need to comply when dealing with countries in the EU.”