GDPR is transforming data security in Europe, but UK lags behind: survey
- Published: Tuesday, 05 November 2019 20:43
New research commissioned by Check Point shows that GDPR is delivering a strong positive effect overall for European businesses – but with some significant variations between countries in terms of adopting GDPR measures.
The study of 1,000 CTOs, CIOs, IT managers and security managers in France, Germany, Italy, Spain and the UK sought to understand how European companies have addressed the requirements of GDPR. It revealed that 74 percent of organizations overall (UK respondents: 58 percent) believe that GDPR has had a beneficial impact on consumer trust, and 73 percent claim it has boosted their data security (UK: 54 percent).
60 percent of the overall sample (UK: 53 percent) say their business has fully adopted all GDPR measures, with just 4 percent still to begin the process (UK: 10 percent). When asked to rate their performance in dealing with GDPR requirements on a scale from 0 to 10 (0 is ‘not at all’ and 10 is ‘totally’), the average score was an optimistic 7.91 (UK: 6.55).
GDPR has encouraged a strategic approach to data security: the research showed that 65 percent of CTOs, CIOs, IT & security managers believe their company has an organic and strategic approach to cyber security (UK: 39 percent. This strategic approach is defined as one where measures are applied from the bottom up – and this is being used to meet the obligations of GDPR.
The study reveals that significant progress has been made across Europe towards GDPR compliance. 53 percent of respondents said their organization set up a GDPR working group (UK: 37 percent). Another 45 percent allocated budget to cover the costs of implementing GDPR (UK: 33 percent), while 41 percent employed GDPR consultants (UK: 37 percent).
From an IT perspective, the most common steps taken to meet the security requirements imposed by GDPR are:
- Adopting standard security measures (44 percent overall; UK: 31 percent)
- Initiating training for employees to increase understanding of data security risks (41 percent overall; UK: 29 percent)
- Implementing an access and encryption control system (41 percent overall; UK: 29 percent).
GDPR’s main aim is to protect private data, so cloud solutions came under scrutiny. Overall, 83 percent of those polled said their organisation uses cloud solutions. But many are more cautious about how the cloud is employed following GDPR’s introduction. Just 7 percent of companies took the drastic measure of ceasing to use cloud solutions altogether as a result of GDPR.
The three most-anticipated long-term benefits of GDPR were found to be:
- Helping organizations demonstrate their focus on customers’ data and increasing loyalty (45 percent);
- Making operations more efficient, especially regarding cybersecurity (44 percent);7 Providing a more comprehensive view on the information processed by the company (40 percent).