
posted by martyb on Saturday September 28 2019, @08:48AM   Printer-friendly
from the less-is-more dept.

Under one in three organisations are fully compliant with the General Data Protection Regulation, despite the privacy legislation coming into force across Europe almost a year and a half ago.

Consultancy firm Capgemini surveyed over 1,000 compliance, privacy and data protection personnel. Although three quarters of them had previously been confident they would be compliant by the time GDPR came into force in May 2018, that is not the case in reality, and many are still struggling to adhere to the legislation.

Now just 28% of those surveyed believe they're fully GDPR compliant – despite regulators being willing to issue heavy fines.

The UK's Information Commissioner's Office (ICO) has already issued a record fine of £183m to British Airways for what it concludes to be "poor security arrangements", which led to personal data of half a million customers being stolen by hackers in a cyberattack disclosed in September 2018.

"For many organisations, the true size of the GDPR challenge only became apparent as they began the initial projects to identify the applicable data that they held. As a result, only the most focused organisations had completed their GDPR readiness by the time the legislation came into force," Chris Cooper, head of cybersecurity practice at Capgemini, told ZDNet.

[...] The Capgemini survey found that of those organisations that are fully GDPR-compliant, 92% of executives from these firms believe that being so has given them a competitive advantage by enabling them to improve customer trust, customer satisfaction and brand image, with all of this helping to boost revenue.

GDPR-compliant organisations also point to benefits behind the scenes, with around four in five of those surveyed of the opinion that being compliant with data protection regulation has helped improve IT systems and cybersecurity practices throughout the organisation.

"Organisations need to promote a data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies," said the report.

[...] "The introduction of GDPR was not a deadline but the start of an ongoing process and there is a lot more work to be done. That said, we will not hesitate to act in the public's best interests when organisations wilfully or negligently break the law," said an ICO statement.


  • (Score: 4, Insightful) by Rosco P. Coltrane on Saturday September 28 2019, @11:10AM (3 children)

    by Rosco P. Coltrane (4757) on Saturday September 28 2019, @11:10AM (#899873)

    Databases and information systems have become so huge and so complex that it's essentially impossible to independently verify a company's claim that they are GDPR-compliant.

    For instance, how do EU regulators verify that Facebook complies? Are they going to survey all their databases in all their data centers, and check all use cases of the data they hold? I don't think so. As a result, they'll declare compliance based on a couple of Powerpoints provided by FB, essentially swearing the company did this-or-that to comply - which, knowing FB's history of deception, amounts to nothing at all.

    As such, the GDPR is unenforceable unless the concern is small enough to be credibly audited. Therefore, all the GDPR brought is an annoying popup on most websites visited by EU citizens. It most certainly didn't increase my trust in the actors behind the websites I visit.

    The EU might as well have dispensed with the effort of coming up with those silly rules and regulations, and used the money to teach their citizens how to avoid being prey to dataraping companies instead...

  • (Score: 1) by khallow on Saturday September 28 2019, @12:00PM

    by khallow (3766) Subscriber Badge on Saturday September 28 2019, @12:00PM (#899883) Journal
    I'd guess spot checks. Can't verify everything, but you can verify a bit of it. I'm sure it can be gamed, but a sensible audit policy, should they be interested, would limit the degree of violation of the regulation.

    It most certainly didn't increase my trust in the actors behind the websites I visit.

    But perhaps it did for somebody else. I think a lot of the purpose of this sort of regulation is to instill a sense of gullibility in the voting public.

  • (Score: 5, Informative) by RamiK on Saturday September 28 2019, @12:40PM

    by RamiK (1813) on Saturday September 28 2019, @12:40PM (#899889)

    so complex that it's essentially impossible to independently verify a company's claim

    GDPR isn't some toothless American professional standard civic court case oriented regulation. It almost entirely shifts the burden of proof to the service providers in a way that whenever a leak occurs, they must provide proof they did nothing wrong or be found non-compliant by default: "A controller or processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage." https://www.digitalistmag.com/finance/2018/03/19/your-gdpr-duties-of-proof-and-liability-05961632 [digitalistmag.com]

    So, it's not enough for Facebook to simply claim compliance. As soon as a leak occurs, they're guilty unless they themselves prove otherwise. e.g. https://www.digitaltrends.com/social-media/facebook-gdpr-decision/ [digitaltrends.com]

    --
    compiling...
  • (Score: 0) by Anonymous Coward on Saturday September 28 2019, @09:17PM

    by Anonymous Coward on Saturday September 28 2019, @09:17PM (#900048)

    but it's not about teaching people not to be slaves. it's about propping up and legitimizing the biggest slave traders.