Risk

10/11/2017
09:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

GDPR Concerns Include 'Where's My Data Stored?'

European data protection regulations are coming like a freight train and many firms are still unprepared.

The impending mandates stipulated by the European Union's General Data Protection Regulation (GDPR) have many security and compliance officers at global organizations losing sleep, and for good reason. According to new data out last week, at the most basic levels many organizations are unprepared to even say where their most sensitive geographically resides, let alone ready for the heightened data protection requirements themselves.

A study conducted by McAfee among 800 senior business decision-makers found that only 47% of them are completely confident they know where all of their sensitive corporate data is physically stored all of the time. That's going to be a big deal in a little over seven months when GDPR officially comes into play.

One of the most stringent data privacy and protection regulations ever put in place for consumer data, GDPR ups the ante for how data physically residing in Europe and even simply pertaining to individuals in the EU is handled. That includes collection, retention, and processing. It steepens fines for breaches, cuts down breach notification windows to just a few days after discovery, and aims to put the screws to both European and global organizations to increase transparency around data protection policies. 

While many organizations have been prepping in some way or another for two years on average, many are still unprepared. In fact, the McAfee survey showed that just 44% of organizations claim a complete understanding of what GDPR means to them and only 26% of organizations believe that they can meet the regulation's 72-hour breach report deadline.

These findings are hardly out of left field. This year has seen numerous surveys continue to confirm the fact that organizations are still taking the regulations lightly. In fact, last month a survey from UK law firm Blake Morgan showed that nine out of ten organizations have not made important changes to their privacy policies to keep in line with GDPR, and nearly four in 10 hadn't taken any steps to prepare for the regulation.

"With the clock counting down to the law coming into force, we would recommend a focused effort by businesses to get to grips with the changes and implement a strategic plan of action," says Simon Stokes, a partner specializing in data protection law at Blake Morgan, who says that GDPR should be seen as an exercise good corporate housekeeping. "Not only will it avoid running the risk of financially and reputationally damaging fines or sanctions – ultimately it will assure the public’s trust in your organization at a time when data privacy and security are more important than ever before." 

The good news is that many business leaders surveyed by McAfee recognize that the kinds of data protection mechanisms spurred on by regulations like GDPR would serve as a competitive differentiator. Nearly three in four reported think that organizations are using data protection as a way of attracting new customers, and 67% think that the GDPR could help promote investment in Europe.

As things stand, the US still remains the top preferred country for data storage due to regulatory requirements, named by a plurality of 48%. Second most named was Germany, which was named by 35% of firms.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Related Content:

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.