Risk

10/11/2017
09:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

GDPR Concerns Include 'Where's My Data Stored?'

European data protection regulations are coming like a freight train and many firms are still unprepared.

The impending mandates stipulated by the European Union's General Data Protection Regulation (GDPR) have many security and compliance officers at global organizations losing sleep, and for good reason. According to new data out last week, at the most basic levels many organizations are unprepared to even say where their most sensitive geographically resides, let alone ready for the heightened data protection requirements themselves.

A study conducted by McAfee among 800 senior business decision-makers found that only 47% of them are completely confident they know where all of their sensitive corporate data is physically stored all of the time. That's going to be a big deal in a little over seven months when GDPR officially comes into play.

One of the most stringent data privacy and protection regulations ever put in place for consumer data, GDPR ups the ante for how data physically residing in Europe and even simply pertaining to individuals in the EU is handled. That includes collection, retention, and processing. It steepens fines for breaches, cuts down breach notification windows to just a few days after discovery, and aims to put the screws to both European and global organizations to increase transparency around data protection policies. 

While many organizations have been prepping in some way or another for two years on average, many are still unprepared. In fact, the McAfee survey showed that just 44% of organizations claim a complete understanding of what GDPR means to them and only 26% of organizations believe that they can meet the regulation's 72-hour breach report deadline.

These findings are hardly out of left field. This year has seen numerous surveys continue to confirm the fact that organizations are still taking the regulations lightly. In fact, last month a survey from UK law firm Blake Morgan showed that nine out of ten organizations have not made important changes to their privacy policies to keep in line with GDPR, and nearly four in 10 hadn't taken any steps to prepare for the regulation.

"With the clock counting down to the law coming into force, we would recommend a focused effort by businesses to get to grips with the changes and implement a strategic plan of action," says Simon Stokes, a partner specializing in data protection law at Blake Morgan, who says that GDPR should be seen as an exercise good corporate housekeeping. "Not only will it avoid running the risk of financially and reputationally damaging fines or sanctions – ultimately it will assure the public’s trust in your organization at a time when data privacy and security are more important than ever before." 

The good news is that many business leaders surveyed by McAfee recognize that the kinds of data protection mechanisms spurred on by regulations like GDPR would serve as a competitive differentiator. Nearly three in four reported think that organizations are using data protection as a way of attracting new customers, and 67% think that the GDPR could help promote investment in Europe.

As things stand, the US still remains the top preferred country for data storage due to regulatory requirements, named by a plurality of 48%. Second most named was Germany, which was named by 35% of firms.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Related Content:

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...
CVE-2019-8908
PUBLISHED: 2019-02-18
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/g...