Most businesses believe stronger data protection policies will lead to fewer breaches
In light of new data privacy legislations, a new Webroot report looks at how businesses in the U.S., U.K., and Australia are adjusting to new data security measures in order to meet compliance requirements.
Specifically, the report measures organisations’ readiness to comply with the General Data Protection Regulation (GDPR), and Australia’s Notifiable Data Breaches (NDB). The results reveal that 95 percent of IT decision makers (ITDMs) surveyed agree that there will be fewer data breaches as a direct result of stronger data protection policies.
Key global findings and analysis
Organisations stick close to home when it comes to gathering and using personal information. Almost all (99 percent) of U.K. ITDMs compile data from within the European Union, similar to those in Australia (99 percent) and the U.S. (100 percent) who pull personal information from customers within their own countries.
ITDMs in the U.S. reveal they are behind in both GDPR and NDB compliance, with a total of only 12 percent saying they are currently compliant, whereas nearly all (99 percent) of U.K. businesses claim to be GDPR compliant and a majority (89 percent) of Australian businesses claim to be NDB compliant.
Confidence levels are high across the board. The majority (96 percent) of ITDMs feel confident that their fellow employees are equipped to comply with GDPR or NDB. Surprisingly, 78 percent of U.S. ITDMs indicate they are very confident, compared to the U.K. at 15 percent and Australia at 19 percent.
UK ITDMs are less confident than those in the U.S. and Australia about their ability to provide all information on EU citizens within one month of request. U.S. ITDMs (83 percent) say they are very confident, significantly more than their U.K. (18 percent) and Australian (50 percent) counterparts. However, a total of 95 percent have some level of confidence in their ability to meet this request.
All ITDMs report that their organisation will be training their employees on GDPR and NDB regulations, however only half (53 percent) of companies worldwide have already completed training for GDPR, and less than one fifth (19 percent) have completed training for NDB.
“While it doesn’t come as much of a surprise that each respective country is focused on its own citizens’ data, organisations have to remember that in a global marketplace, their business impacts citizens beyond their own borders,” said Megan Shields, Data Protection Officer, Webroot.
Advice for businesses
- Know your data. You must know what personal data your organisation has, where it’s stored, and in what systems. Regularly schedule audits and allocate resources for this work.
- Delete. Make sure any data you do not need is deleted securely. There are legal requirements for maintaining certain types of data, but when data retention is not required, disposing of it helps reduce risk.
- Communicate. With any process change, effective communication is essential. Proper internal communications with employees and external communications with suppliers will help make them aware of changes and give them time to amend their own processes.
- Assess. When auditing personal data processes in relation GDPR and NDB, consider if a privacy impact assessment is required.
- Comply. If there is a security breach within your organization, follow the rules outlined by GDPR and NDB. Under these regulations, it’s essential to be transparent and inform affected individuals within the specified timeline.