{"id":11822,"date":"2018-03-22T05:00:07","date_gmt":"2018-03-22T13:00:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/03\/22\/news-5592\/"},"modified":"2018-03-22T05:00:07","modified_gmt":"2018-03-22T13:00:07","slug":"news-5592","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/03\/22\/news-5592\/","title":{"rendered":"The GDPR is Coming: We Shed Light on What\u2019s Still Not Working"},"content":{"rendered":"<p><strong>Credit to Author: Trend Micro| Date: Thu, 22 Mar 2018 12:00:20 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-300x205.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-125x85.jpg 125w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-640x438.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-440x301.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-380x260.jpg 380w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs.jpg 700w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>On May 25, the biggest shake-up to Europe\u2019s data protection laws in almost a generation will finally take effect, after years of planning. For any US organization handling data on EU citizens, including service providers, it means you could face hefty fines of up to \u20ac20m ($24.7m) or 4% of global annual turnover for non-compliance. That should get the attention of any board. Yet awareness remains patchy. 
Research gathered by Trend Micro reveals that firms still aren\u2019t investing in the right areas ahead of the regulation and could be dangerously under-prepared.<\/p>\n<p>For those looking for guidance, we\u2019ve put together a new weekly video series to show Trend Micro\u2019s compliance journey.<\/p>\n<p><strong>Rights and obligations<\/strong><\/p>\n<p>The GDPR is a huge piece of legislation designed to improve consumer rights over the data organizations hold on them. As a result, it puts strict new obligations on those organizations, many of which revolve around data security and protection. The regulation is not prescriptive about what technologies firms should put in place \u2014 except for encryption and pseudonymization tools \u2014 but it does demand that firms follow the \u201cstate of the art\u201d and implement \u201cappropriate technical and organizational measures to ensure a level of security appropriate to the risk.\u201d<\/p>\n<p>In layman\u2019s terms, this means following current best practice security approaches. However, our results showed a worrying disconnect between the law and the reality on the ground.<\/p>\n<p><strong>Unprepared and under-funded<\/strong><\/p>\n<p>We polled over 1,000 IT decision makers from around the world, including the US, and found just half (51%) have increased security investments to help with compliance. This is despite a quarter of respondents complaining that \u201clack of sufficient IT security protection\u201d (25%) and a \u201clack of efficient data security\u201d (24%) are the biggest challenges to compliance efforts.<\/p>\n<p>Digging deeper, we found that less than a third (31%) have invested in encryption, despite its prominent mention in the GDPR. Data Loss Prevention (33%) and advanced technologies designed to detect network intruders (34%) were also largely ignored. It\u2019s not all about technology, of course. 
Investments in security tools will only be effective if used as part of a considered security and compliance strategy, watertight policies and processes, and a focus on the people side of security. Yet, worryingly, just 37% of global organizations said they\u2019d invested in staff awareness programmes.<\/p>\n<p>Part of the reason could be a lack of funds: a quarter of respondents (25%) claimed that limited resources are the biggest challenge to compliance.<\/p>\n<p>The concerns don\u2019t end there. There are strict new rules around breach notification in the GDPR. <a href=\"https:\/\/gdpr-info.eu\/art-34-gdpr\/\">Article 34<\/a> states that individuals must be notified within 72 hours if a breach results in a high risk to their rights and freedoms. Yet a fifth (21%) of respondents said they have a formal process in place to notify only the data protection authority, while 6% said they have no process in place at all, and 11% didn\u2019t know if they had one or not.<\/p>\n<p><strong>A holistic approach<\/strong><\/p>\n<p>The GDPR is all about encouraging greater accountability and transparency among organizations that handle customer and employee data. Regulators aren\u2019t looking to punish straightaway following the May 25 deadline, but they do want to see organizations clearly taking this seriously \u2014 showing they\u2019ve understood the regulation and have the best interests of their customers at heart.<\/p>\n<p>Our findings show there\u2019s still some way to go before this translates into widespread adoption of best practice approaches to data protection. 
We must also remember that GDPR compliance is far bigger than IT security, and will require the commitment and involvement of stakeholders from all over the organization.<\/p>\n<p>For those looking to see how Trend Micro has prepared for this major update to Europe\u2019s privacy laws, check out our new video series.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/the-gdpr-is-coming-we-shed-light-on-whats-still-not-working\/\">The GDPR is Coming: We Shed Light on What\u2019s Still Not Working<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/the-gdpr-is-coming-we-shed-light-on-whats-still-not-working\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Trend Micro| Date: Thu, 22 Mar 2018 12:00:20 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-300x205.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-125x85.jpg 125w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-640x438.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-440x301.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs-380x260.jpg 380w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/gdpr-smbs.jpg 700w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>On May 25, the biggest shake-up to Europe\u2019s data protection laws in almost a generation will finally take effect, after years of planning. 
For any US organization handling data on EU citizens, including service providers, it means you could face hefty fines of up to \u20ac20m ($24.7m) or 4% of global annual turnover for non-compliance&#8230;.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/the-gdpr-is-coming-we-shed-light-on-whats-still-not-working\/\">The GDPR is Coming: We Shed Light on What\u2019s Still Not Working<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[14364,12116,714],"class_list":["post-11822","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-compliance-regulations","tag-gdpr","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11822"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11822\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11822"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=
11822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}