It’s almost one year since GDPR came into force, yet there appears to be a lack of confidence in its application.
New research conducted by Infosecurity Europe 2019 – Europe’s number one information security event – has found that organisations have not taken the EU General Data Protection Regulation (GDPR) seriously and are still not compliant.
A lack of confidence in its enforcement is reflected in further results of the poll. When asked whether they believe that GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half of respondents agreed that they were.
Governance, risk and compliance continues to be a key issue facing the cybersecurity industry and is also one of the industry’s top trends in 2019, according to Infosecurity Magazine’s second annual State of Cybersecurity Report, which is based on interviews with industry professionals from across the globe and is scheduled to be launched at Infosecurity Europe this year.
Early exclusive extracts taken from the cybersecurity report indicate that, despite compliance being the standout industry trend in the 2018 report, it has dropped in the 2019 report. That said, report respondents indicate that regulatory controls will remain a driver in the EU and beyond.
Others mention the failures of data protection regulators to actually push the regulatory charges. However, they believe GDPR and other compliance regulations have done a lot to promote the cause for effective incident response.
The Infosecurity Europe Twitter poll revealed that just over a third (38 per cent) believe that GDPR compliance has dominated their organisation in the last 12 months and hindered their plans for other cybersecurity projects. This indicates that some cybersecurity initiatives have continued, despite the weight of GDPR on all organisations to become compliant or face hefty fines.
One of the contributors to the forthcoming State of Cybersecurity Report, Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4, comments on the impact of GDPR. He said, “While excitement about regulation has died down a little, the introduction of GDPR has had both positive and negative impacts.
“GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way they handle data in the face of changing regulatory requirements. GDPR and other compliance regulations have done a lot to promote the application of foundational information security and privacy-related practices.
“A potential downside, however, is that many organisations still assume that meeting a compliance requirement is the same as being secure – of course history teaches us that compliance and security are not the same thing.”
Dan Raywood, Contributing Editor, Infosecurity Magazine and author of the State of Cybersecurity Report, comments: “Compliance is a complicated trend to fully evaluate, because while it is something that needs to be acted upon, the stronger enforcement and regulation that had been hyped in the build-up to GDPR have not really materialised. Therefore, it may force some to think that compliance does not have to be taken as seriously as we are expected to believe.
“At Infosecurity Europe in the Talking Tactics theatre, on Thursday 6th June at noon, I’ll be presenting the findings of the ‘State of Cybersecurity Report’ in further detail and discussing their relevance, with a view to delivering an understanding of what is driving cybersecurity trends right now, and what will drive it in the years to come. I look forward to running an interesting, thought-provoking session at the event. The report will be available to download at this time.”