
Organizations neglecting data protection duties

19 Mar., 2018

You would have thought data security and privacy would be a concern for organizations to prioritize, especially given the recent spate of data breaches that have made the headlines in the past year. Well, not according to the latest PwC 2018 Global State of Information Security Survey (GSISS), which queried 9,500 technology executives from 122 countries on their abilities to provide adequate data protection.

The research found that just over half (51%) of respondents have a clear idea of where and how critical data is stored, processed and extracted within their organization. It also revealed that less than half (46%) conduct compliance audits to ensure that third parties who handle the personal data of customers and employees are doing so correctly.

These findings raise serious red flags if this is the current state of data security amongst businesses. With cybersecurity threats mounting every day, consumers need to have confidence knowing that their data is being efficiently monitored and protected. Unfortunately, there is already a negative perception amongst consumers that enterprises are untrustworthy when handling data. In the US alone, only 25% of consumers say they feel organizations are taking a responsible stance towards data security.

CISOs and information security personnel must check that their businesses are aligned with and following data protection protocols, especially companies that hold data on EU citizens, as this will become mandatory under the EU’s General Data Protection Regulation (GDPR), which comes into effect in May of this year. As more enterprises transfer to cloud services and applications, they are naturally opening themselves to more threats and potentially exposing sensitive data held on these systems.

Businesses must understand that, as part of their duties as “data controllers”, knowing where the data is at all stages of its lifecycle is imperative, but protecting that data is just as important, as both are compliance requirements under GDPR. This added pressure will drive up cyber security investment, more so in data protection solutions. According to PwC, 46% of those within the financial sector are expected to invest in encryption technology this year.

The data protection cycle is moving, but if enterprises continue to neglect data protection duties, they will not only further lose the trust of consumers, they will also have to fork out substantial penalties for not complying with GDPR.

Article Source: helpnetsecurity.com


