Attitudes towards GDPR

Posted on Thursday, October 05, 2017
By The Softcat News Team

A recent independent survey revealed that 75% of organisations indicate they will struggle to be ready for the GDPR deadline in May 2018.

The survey on attitudes towards GDPR was conducted in May 2017, commissioned by Varonis and carried out by Vanson Bourne. Respondents were 500 IT decision makers at organisations with 1,000+ employees in the UK, France, Germany and the United States.

What did the survey find most deterred organisations from getting ready?

38% said that GDPR will mean more costs for their organisations, although the threat of fines might be even more costly. An additional 42% say that it’s not a priority for their businesses, even though those who fail to meet compliance could face fines of up to 4% of global turnover (revenue).

32% said that it will add more complexity to their job. But meeting compliance is not a simple pass or fail, nor is it a checklist. So where do we go from here?

In a recent interview on GDPR compliance, Sue Foster, a London-based partner at Mintz Levin, advises the “show your work” principle. With GDPR, you should be able to justify your security plan based on the current state of security technology and document what you’ve done.

If we needed to simplify data obligations for companies, it would be these six points:

  1. Conduct impact assessments: Initiate prior assessments when processing sensitive data that may result in risk to consumers.

  2. Limit who sees the data: Ensure only authorised individuals can access the data.

  3. Keep records: Manage a record of processing activities, including the types of data, time limits, and whether it is being exported to other countries.

  4. Continuously monitor and assess data: Always check that you are protecting your data.

  5. Limit data collection: Minimise what is being collected and protect the data you have.

  6. Limit processing: Ensure processing is limited to the purpose for which the data was collected.

How Varonis helps organisations with GDPR readiness

Varonis helps companies meet key GDPR requirements by identifying and classifying sensitive EU personal data, continuously monitoring data access, and automatically streamlining a data retention and migration policy.

The feedback we receive from customers every day is that one of the hardest tasks they face with GDPR is identifying what data is within scope of the regulations and where it's located on their network. One way we're helping them is with GDPR Patterns. Using Data Classification Framework as a base, GDPR Patterns can spot EU personal data patterns (we have over 150 of them!), automatically discovering data that falls under GDPR, from license plates to blood type to passport numbers.

From there, this GDPR classification can be integrated into reporting, alerting, and monitoring – not to mention breach notification.

The Varonis and Softcat "GDPR Playbook"

Here's how we can help you with GDPR readiness:

  1. Automatically discover and classify GDPR data

  2. Report on GDPR affected data

  3. Establish data retention policies

  4. Protect regulated data and restrict access to sensitive data

  5. Detect breach activity and policy violation

  6. Alert on suspicious activity and potential data leaks

Get in touch

The first step is to set up a free GDPR readiness assessment with Varonis and Softcat, where we will help you identify in-scope GDPR data, find excessive access to personal data, audit user activity, and work with you to identify and prioritise gaps in your GDPR readiness.

If your organisation would like to find out more about how we can help with your GDPR preparations, please contact your Softcat account manager or send us a message using the button below.

Get in touch