NTT Security’s 2017 Risk: Value report brought to light some troubling statistics ahead of 25 May 2018, the date from which the EU General Data Protection Regulation (GDPR) is enforced, suggesting one in five bosses were unsure whether GDPR applied to their company.
Essentially, any data that can be used to identify a person, spanning gender, cultural identity, even IP addresses and biometric data, is considered personal data. And if your business collects or processes such data about people in the EU, then you need to be GDPR compliant.
So there is a lot to take into account, which makes the statistics from NTT’s 1,350-respondent survey worrying, given that the regulation applies to any company in the world that holds or collects data on people living in Europe, wherever the company itself is based.
“The fact bosses do not know and thus haven’t done their research means there is no plan of action in place,” Linda McCormack, vice president UK & Ireland at NTT Security, said. “While our respondents are not in an IT function, they should still be aware of any new compliance regulations affecting their company’s security and data, especially as the implications of non-compliance are very serious.
“Many see it as a costly and time-consuming exercise that delivers little or no value to the business, yet without it, they could find themselves losing customers, or having to pay very large regulatory fines.”
Indeed, fines could be up to four per cent of total global annual turnover or €20m, whichever is greater. But companies stand to lose much more than the fine itself if they fail to comply.
According to NTT, UK companies that suffer a breach without having followed GDPR procedure could face an estimated drop in revenue of 9.45 per cent. Some 64 per cent of survey respondents said a breach could lead to a loss of customer confidence, and 67 per cent cited damage to their reputation.
Despite this, only 47 per cent report that preventing a security attack is a regular boardroom agenda item. And while 65 per cent have an incident response plan in place, only 44 per cent are aware of what it entails.
Of more concern, however, was that 39 per cent thought data compliance did not concern their business, the lowest percentage among the 11 European countries analysed.
McCormack explained: “In theory, UK organisations should be well ahead of the curve when it comes to the EU GDPR, given that it is a European data protection initiative. Brexit is no excuse, as British companies will still need to comply when dealing with countries in the EU.”