Page 5 - AeM_May_2018
P. 5
RESEARCH, ANALYSIS & TRENDS
GDPR leads to a reduction in data
collection and storage
Another important finding of the study is that companies
use the GDPR as an opportunity to streamline their
approach to data and reduce the total amount of data
they are managing. For many companies, this means
vastly cutting down on the amount of data they collect,
store and share. Why the human factor is pivotal
The sustainable implementation of the new GDPR is
According to the new study, organizations reported
taking the following actions in response to the GDPR: not purely an IT matter but must also involve
employees and processes and IBM show us how this
80% say they are cutting down on the amount of works, too.
personal data they keep
According to IMB’s research, avoidable human errors
78% reduce the number of people who have access are responsible for a large amount of data loss. In the
to personal information annual IBM X-Force Threat Intelligence Index 2018, the
company concluded that "inadvertent insiders" -
70 % are disposing of data that is no longer needed employees who inadvertently cause security incidents
through negligence - account for two-thirds of all
The study found that the biggest challenges compromised records in 2017. The errors include some
organizations face in complying with the GDPR are elementary actions, such as clicking malicious links
finding personal data within their organization (data sent as part of a phishing attack, as well as
gathering), ensuring the accuracy of the collected and misconfiguration of servers and network devices.
stored data and adhering to rules how data is analyzed
and shared (data processing principles). Other areas of The latter are said to account for more than two-thirds
concern include the handling of cross-border data (70%) of all data loss due to human error, the report
transfers and obtaining the consent of the data subjects said. First and foremost, the number of cases has
since less than half of respondents said they were increased dramatically due to poorly configured cloud
sufficiently prepared for these aspects of the GDPR. servers: 424% more data sets than in the previous year
were stolen by this security breach.
.
A key element of the GDPR is the requirement for The remaining third is due to individuals. Phishing
companies to report data loss within 72 hours to the attacks induce employees to open malicious links or
regulatory authorities. However, the study found that attachments, which in turn install malicious software on
only 31% of companies reviewed or changed their the system. Regarding the EU GDPR, such errors can
incident response plans in preparation for this not only damage the public image of the company but
requirement, which is a blind spot in the overall be quite costly. As announced, up to 4% of the total
approach to GDPR. annual turnover achieved in the past financial year may
be imposed as sanctions for the breach of the
Regulation. Investing in the privacy of personal
While challenges remain, a significant proportion of the information can clearly minimize these risks.
surveyed companies (22%) use the GDPR as a fully
transformative business opportunity for their data What IBM points out is the fact that the introduction of
ownership and management approach: new IT technologies alone cannot solve privacy issues,
as trained employees are at least as important in the
93% have modified their incident response safe handling of data as the corresponding
processes infrastructure.
79% said they were prepared for performing data Enterprise-wide, easy-to-implement policies that
discovery and ensuring data accuracy
describe data processing and data access processes
can make an impact. ◊
74% said they would consider data security and
privacy for new products and services "by design" By MediaBUZZ
MediaBUZZ Pte Ltd - Independant ePublisher for Asia