Blancco Technology Group Study Finds Global Organizations
Don't Know Where All Customer Data Is Stored and Use Unreliable
Data Removal Methods to Erase User Content
ATLANTA and LONDON, May 25,
2017 /PRNewswire/ -- EU GDPR is a game-changing piece
of data protection legislation that goes into effect one year from
today on May 25, 2018. While the
legislation includes various components related to how
organizations collect, store, manage and protect customer data, the
'right to be forgotten' gives individuals the right to have
personal data erased. But if most organizations cannot locate where
their customer data is stored (both on-premise and offsite), it
will be difficult to fulfill 'right to be forgotten' requests,
according to the "EU GDPR: Countdown to Compliance" research study
released by Blancco Technology Group today.
As our study found, most organizations struggle with identifying
and locating where all customer data is stored. 15 percent of
German organizations admitted they don't know where all customer
data is stored, both on-premise and offsite. Plus, the United States (13 percent) and
United Kingdom (12 percent) are
the two countries with the second and third highest percentages of
respondents who don't know where all of their customer data is
stored. For French organizations, however, the problem is somewhat
worse with 20 percent saying their confidence level in their
ability to find all customer data is low – ranging from extremely
unconfident to slightly unconfident.
Richard Stiennon, Chief Strategy
Officer, Blancco Technology Group, said, "If an organization cannot
find their customers' data, how will they be capable of erasing the
data and complying with the EU GDPR's requirement? Once they do
finally locate their customers' data, the next step is erasing the
data permanently so that it can never be recovered. But as our
study reveals, it's quite common for organizations to use insecure
and unreliable data removal methods, such as basic deletion and
free data wiping software, which further undermines their security
and compliance to EU GDPR."
Key findings from the study include:
- French, Spanish and German companies will beef up spending
on EU GDPR-readiness technologies and processes. 85 percent of
Spanish companies will spend up to $3.99
million, while 77 percent of French companies and 73 percent
of German companies will spend the same amount. However, fewer
American companies (65 percent) will spend this same amount.
- 72-hour breach notification, records maintenance of data
processing activities and 'right to be forgotten' top the list of
EU GDPR priorities. Meeting the 72-hour data breach
notification rule (25 percent) and maintaining written records of
data processing activities (25 percent) both ranked as the top
priorities for American organizations. British organizations are
most concerned with maintaining written records of data processing
activities (22 percent). Conversely, 22 percent of Spanish
organizations will prioritize the appointment of a Data Protection
Officer.
- Insufficient budgets, improper handling/storage of IT
equipment and lack of data removal software are the biggest
roadblocks to the 'right to be forgotten.' 12 percent of the
American respondents cited insufficient budget as their biggest
challenge, while it's also a challenge for French companies (17
percent), British companies (16 percent) and German companies (15
percent). Plus, improper handling/storage of IT equipment ranks as
a major challenge for Spanish companies (28 percent), American
companies (21 percent) and British companies (17 percent).
- Insecure and unreliable data removal methods undermine
security and compliance. Basic deletion is used by IT
professionals in France (34
percent), US (28 percent), Spain
(26 percent), UK (24 percent) and Germany (23 percent) to remove data.
Meanwhile, free data wiping solutions (without proof) are used by
organizations in Spain (35
percent), UK (33 percent), Germany (27 percent), US (25 percent) and
France (21 percent).
- Data Protection Officers are uncommon and costly
additions. 59 percent of American companies and 53 percent of
British companies are most likely to assign the responsibilities of
a DPO to an existing role. In Germany, however, companies would be somewhat
inclined to hire a new, dedicated role (40 percent). Meanwhile, 16
percent of French companies would outsource the role to a
consultant.
- Change begins with a data protection gap analysis. 41
percent of American organizations are currently undergoing a gap
analysis and 43 percent of British organizations plan to start in
the second half of 2017. In addition, 50 percent of Spanish
organizations will do so in the second half of this year. But 14
percent of the French respondents and 14 percent of the German
respondents will wait until 2018.
Stiennon concluded, "The first priority for all companies should
be to gain a complete picture of all data that is collected, stored
or processed that contains EU citizen and
resident information. After that, companies must ensure that
adequate means of protecting that data have been implemented, such
as access being restricted to authorized personnel, proper
authentication being used and proper procedures for backing up and
archiving data and data sanitization policies being implemented to
remove data when it is no longer needed or requested by customers.
In addition, any third parties that have access to the data must be
evaluated to ensure they too have adequate controls in place."
For more details about the various requirements of the EU GDPR,
visit the dedicated page on Blancco's website.
About Blancco Technology Group
Blancco Technology
Group (AIM: BLTG) is the de facto standard in data erasure and
mobile device diagnostics. The Blancco Data Eraser solutions
provide thousands of organizations with an absolute line of defense
against costly security breaches, as well as verification of
regulatory compliance through a 100% tamper-proof audit trail. Our
data erasure solutions have been tested, certified, approved and
recommended by 18 governing bodies around the world. No other
security firm can boast this level of compliance with the most
rigorous requirements set by government agencies, legal authorities
and independent testing laboratories.
The Blancco Mobile Diagnostics solutions enable mobile network
operators, retailers and insurers to easily, quickly and accurately
identify and resolve performance issues on their customers' mobile
devices. As a result, mobile service providers can spend less time
dealing with technical issues and, in turn, reduce the quantity of
NTF returns, save on operational costs and increase customer
satisfaction.
For more information, visit our website at www.blancco.com.
Media Contacts:
SHIFT Communications for Blancco
Technology Group (US)
David Heffernan, Account Manager
T: (617) 779-1839
E: blancco@shiftcomm.com
SAY Communications for Blancco Technology Group (Europe)
Robert Hickling, Senior Account
Manager
T: 44 (0) 20 8971 6427
E: blancco@saycomms.co.uk
Blancco Technology Group
Ragini Bhalla, Senior Director of
Global Communications
E: ragini.bhalla@blancco.com