With the General Data Protection Regulation (GDPR) taking effect May 25, 2018, businesses around the globe should be preparing accordingly. However, through a recent survey, Trend Micro Incorporated found that C-suite executives are not approaching the regulation with the seriousness required, resulting in overconfidence when it comes to compliance.
GDPR Awareness
The company’s research reveals a robust awareness of the principles behind GDPR, with a strong 95 percent of business leaders knowing they need to comply with the regulation, and 85 percent having reviewed its requirements. In addition, 79 percent of businesses are confident that their data is as secure as it can possibly be.
Despite this perceived awareness, there is some confusion as to exactly what Personally Identifiable Information (PII) needs to be protected. Of those surveyed, 64 percent were unaware that a customer’s date of birth constitutes PII. Additionally, 42 percent wouldn’t classify email marketing databases as PII, 32 percent don’t consider physical addresses PII, and 21 percent don’t see a customer’s email address as PII, either. These results indicate that businesses are not as prepared or secure as they believe themselves to be. Yet this data provides hackers with all they need to commit identity theft, and any business not properly protecting this information is at risk of a penalty fine.
The Cost of Not Being Compliant
According to the survey, a staggering 66 percent of respondents appear to be dismissive of the amount they could be fined without the required security protections in place. Only 33 percent recognize that up to four percent of their annual turnover could be sacrificed. Additionally, 66 percent of businesses believe reputation and brand equity damage is the biggest pitfall in the event of a breach, with 46 percent of respondents claiming this would have the largest effect among existing customers. These attitudes are especially alarming considering businesses could be shut down in the event of a breach.
“Investing in state-of-the-art equipment and employing data protection policies should be seen as a wise business practice, not an operational burden,” said Rik Ferguson, vice president of security research for Trend Micro. “As a strategic security partner, we see it as our shared responsibility to help customers meet GDPR data security compliance.”