Survey shows UK firms are increasingly proactive on data privacy a year on from the EU’s GDPR regulation coming into force.
More organisations than ever are encrypting their information since the EU’s data privacy regulation came into force a year ago, with more than half of UK organisations now enforcing encryption on all mobile devices and removable media, according to a survey.
Two thirds (66%) of survey respondents say they now hardware encrypt all information as standard – a positive step considering over a quarter (27%) note the lack of encryption as being one of the main causes of a data breach within their organisation.
The survey, carried out by Censuswide, an independent survey company, on behalf of Apricorn, involved interviews with 100 IT decision makers in the UK during April 2019. Respondents work in finance, professional services, IT and telecoms, manufacturing and utilities organisations with more than 1,000 employees.
The equivalent survey in 2018 revealed that only half of respondents were enforcing encryption or said they were completely confident in their encrypted data.
“GDPR is clearly making security a board level topic with the C-suite now owning the security budget in 86% of the companies surveyed,” says the survey. It notes that organisations are allocating just under a third (30%) of their IT budget to GDPR compliance – a huge increase when considered against research commissioned by IBM in 2018 that set the ideal spend on cyber-security, in general, at 9.8 to 13.7% of the IT budget.
Jon Fielding, Managing Director, EMEA, Apricorn, adds: “A year from when GDPR came into force, it’s clear organisations are getting their houses in order, but there still seems to be a long way to go in terms of education and awareness.
“Organisations need to be mindful that GDPR is an ongoing process and not just a tick box exercise. The most common ways to maintain compliance are to continue to enforce and update all policies and invest in employee awareness on a regular basis. Additionally, encryption is a key component within the compliance ‘kit’, helping to lessen the probability of a breach and mitigate any financial penalties and obligations that would apply in the unfortunate event of a breach.”
According to the European Data Protection Board’s first overview of GDPR since its introduction on 25th May 2018, cooperation and consistency mechanisms for monitoring its implementation “are working quite well in practice”.
The total number of cases reported by supervisory authorities from 31 European Economic Area countries was 206,326 over the year. Most of the cases (94,622) were related to complaints, while 64,684 were initiated by data breach notification. According to the report, 52% of these cases have already been closed, and the total amount of fines imposed is €56m.
Firms accused of breaking GDPR rules include Google, which in January was hit with a £44m fine by the French data regulator over ads. Others under investigation include Facebook (and its subsidiaries WhatsApp and Instagram), Twitter and LinkedIn.