European Businesses Ill-Prepared for EU General Data Protection Regulation

European businesses are inadequately prepared for the looming EU General Data Protection Regulation (GDPR), according to data virtualization and masking company Delphix. The company has released survey results that show a widespread lack of understanding about the GDPR regime set to come into effect in June 2018.

Well over half of UK businesses have little to no familiarity with the tools recommended for GDPR compliance. Even if Britain is no longer part of the EU when the new regulations come into effect, UK companies, like those from around the world, will still need to be compliant to handle EU citizens’ data.

Among UK companies, one-fifth say they have “no understanding” of GDPR, and another 42 percent say they have “looked into some aspects” of the regulation, but not the recommended pseudonymisation tools. (“Pseudonymisation” is defined in the GDPR as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.”)

Two of five German companies have studied the regulations but are having trouble understanding them, and only 21 percent say they fully understand the requirements.

French companies are relatively confident in their knowledge, but a figure of 38 percent saying they understand the regulations they will have to meet in two years should still concern the industry and those who regulate it.

“When it comes to protecting personal information, data masking and hashing represent the de facto standard for achieving pseudonymisation,” Iain Chidgey, VP International at Delphix, said in a statement. “Take the unprotected personal information that is often freely available in the non-production environments that are used for software development, testing, training, reporting and analytics. By replacing this sensitive data with fictitious yet realistic data, businesses can neutralise data risk while preserving its value. Data masking irreversibly transforms sensitive data to eliminate risk and allows organisations to demonstrate compliance with the pseudonymisation requirements in the GDPR.”

The survey showed that roughly one-third of data held in France is masked, compared to a quarter of that held in the UK and Germany.

A fear of project delays was the most common reason given for not masking data (36 percent), just ahead of lack of control of data (34 percent). The survey also showed that while responsibility for data protection is held at the C-level, plans vary as to which specific role will take on the responsibility, and most businesses surveyed have neither a chief data officer nor a chief privacy officer.

As far back as the beginning of 2015, concern began to mount about corporate preparedness for the new regulations. The challenges could create risk for companies and consumers, but also an opportunity for service providers.

Source: TheWHIR