According to new research from the Department for Digital, Culture, Media and Sport (DCMS), 80% of large businesses have heard of GDPR, and 27% have made changes to how they operate in response.
DCMS surveyed 1519 businesses, finding that 80% of large businesses (more than 250 people) were aware of the regulation, whilst that figure was 66% for medium businesses, 49% for small businesses (10-49 people) and 31% for two to nine-person businesses.
According to the survey, “just over a quarter of businesses (27%) had made any changes to how they operate, directly as a response to the forthcoming changes to the data protection regulation”.
The research found that 36% had created or changed policies and procedures, 21% had deployed additional staff training and 12% had added new technology.
The research also surveyed 569 charities, and found 44% were aware of GDPR in total, and also discovered that 36% had created or changed policies and procedures. Further, 12% had installed, changed or updated their anti-virus, and 10% had encrypted data – compared with 5% of businesses.
Darren Anstee, chief technology officer of NETSCOUT Arbor, said that gaining a good understanding of GDPR is still a work-in-progress for many organizations – and it’s important to consider the impact mishandled data might have on the organization itself, customers and employees. It is concerning that at this late stage only 80% of large businesses are aware of the regulation.
“The fact that creating and changing policies in order to comply with the new GDPR legislation is the most common change made by business and charities alike is both good and bad. On the one hand, organizations have obviously taken on board the process and policy changes they need to comply, however, the low percentage shown around other types of change may indicate that the focus has been purely around compliance, rather than looking at the aim of the legislation – to improve the way people’s data is acquired, processed, stored and secured.”
The full survey is linked in the References below.
References
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/675620/Cyber_Security_Breaches_Survey_2018_-_Preparations_for_the_new_Data_Protection_Act.pdf
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.