One year on since the European Union-wide General Data Protection Regulation (GDPR) came into force, there appears a lack of confidence in its application; according to a Twitter poll from Infosecurity Europe 2019, the information security event at London Olympia from June 4 to 6. A majority of respondents to the poll (68 per cent) believe that organisations have not taken the EU General Data Protection Regulation (GDPR) seriously and are still not compliant.
A lack of doubt in its enforcement is reflected by further results of the poll. When asked if respondents believe that GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half (47 per cent) agreed that they were.
Governance, risk and compliance continue to be a key issue being faced by the cybersecurity industry and is also one of the top trends within the cybersecurity industry in 2019, according to Infosecurity Magazine’s second annual State of Cybersecurity Report, which is based on interviews with industry. Despite compliance being the stand-out industry trend in the 2018 report, it has dropped in the 2019 report. That said, report respondents indicate that regulatory controls will remain a driver in the EU and beyond. Others mention the failures of data protection regulators to actually push the regulatory charges. However, they believe GDPR and other compliance regulations have done a lot to promote the cause for effective incident response.
The twitter poll found that just over a third (38 per cent) believe that GDPR compliance has dominated their organisation in the last 12 months and hindered their plans for other cybersecurity projects. This indicates that some cybersecurity initiatives have continued, despite the weight of GDPR on all organisations to become compliant, or face larger fines in the UK from the ICO regulator, compared with the previous regime.
One of the contributors to the ‘state of’ report, Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4, said of the impact of GDPR: ‘While excitement about regulation has died down a little, the introduction of GDPR has had both positive and negative impacts. GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way they handle data in the face of changing regulatory requirements. GDPR and other compliance regulations have done a lot to promote the application of foundational information security and privacy-related practices. A potential downside, however, is that many organisations still assume that meeting a compliance requirement is the same as being secure – of course history teaches us that compliance and security are not the same thing.”
The ‘state of’ report will be launched at Infosecurity Europe in the Talking Tactics theatre, on day three, Thursday, June 6, at noon, and available to download.
Governance, risk and compliance will be a key theme at the show. Speaker sessions covering the topic are:
Tuesday 4 June, 2.00pm, Security SMEs Symposium, Pillar Hall, Olympia
Wednesday 5 June, 11.45am, Don’t Acquire Your Next Breach: Managing Vendor Risk Under the GDPR, Information Security Exchange
Wednesday 5 June, 12.45pm, How the UK’s Data Protection Act of 2018 Impacts Your GDPR Programme, Talking Tactics Theatre
Wednesday 5 June, 3.20pm, Understanding & Leveraging GDPR Regulations to Justify IT Security Spend, Strategy Talks
Wednesday 5 June, 4.40pm, Navigating Complex Regulatory Ovesight to Ensure Privacy, Security & Compliance, Keynote Stage
Thursday 6 June, 11.20am, Your Organisation & The European Directive on Security of Network & Information Systems (NIS Directive), Strategy Talks
Attracting 6421 responses, the poll was over the period May 17 to 19, 2019. Visit https://www.infosecurityeurope.com.
