Risk

10/11/2017
09:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

GDPR Concerns Include 'Where's My Data Stored?'

European data protection regulations are coming like a freight train and many firms are still unprepared.

The impending mandates stipulated by the European Union's General Data Protection Regulation (GDPR) have many security and compliance officers at global organizations losing sleep, and for good reason. According to new data out last week, at the most basic levels many organizations are unprepared to even say where their most sensitive geographically resides, let alone ready for the heightened data protection requirements themselves.

A study conducted by McAfee among 800 senior business decision-makers found that only 47% of them are completely confident they know where all of their sensitive corporate data is physically stored all of the time. That's going to be a big deal in a little over seven months when GDPR officially comes into play.

One of the most stringent data privacy and protection regulations ever put in place for consumer data, GDPR ups the ante for how data physically residing in Europe and even simply pertaining to individuals in the EU is handled. That includes collection, retention, and processing. It steepens fines for breaches, cuts down breach notification windows to just a few days after discovery, and aims to put the screws to both European and global organizations to increase transparency around data protection policies. 

While many organizations have been prepping in some way or another for two years on average, many are still unprepared. In fact, the McAfee survey showed that just 44% of organizations claim a complete understanding of what GDPR means to them and only 26% of organizations believe that they can meet the regulation's 72-hour breach report deadline.

These findings are hardly out of left field. This year has seen numerous surveys continue to confirm the fact that organizations are still taking the regulations lightly. In fact, last month a survey from UK law firm Blake Morgan showed that nine out of ten organizations have not made important changes to their privacy policies to keep in line with GDPR, and nearly four in 10 hadn't taken any steps to prepare for the regulation.

"With the clock counting down to the law coming into force, we would recommend a focused effort by businesses to get to grips with the changes and implement a strategic plan of action," says Simon Stokes, a partner specializing in data protection law at Blake Morgan, who says that GDPR should be seen as an exercise good corporate housekeeping. "Not only will it avoid running the risk of financially and reputationally damaging fines or sanctions – ultimately it will assure the public’s trust in your organization at a time when data privacy and security are more important than ever before." 

The good news is that many business leaders surveyed by McAfee recognize that the kinds of data protection mechanisms spurred on by regulations like GDPR would serve as a competitive differentiator. Nearly three in four reported think that organizations are using data protection as a way of attracting new customers, and 67% think that the GDPR could help promote investment in Europe.

As things stand, the US still remains the top preferred country for data storage due to regulatory requirements, named by a plurality of 48%. Second most named was Germany, which was named by 35% of firms.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Related Content:

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20168
PUBLISHED: 2018-12-17
Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application.
CVE-2018-20167
PUBLISHED: 2018-12-17
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME typ...
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.