Impact of new data protection legislation not widely understood

Almost a third of public and private sector professionals are not aware of what the forthcoming EU General Data Protection Regulation (GDPR) will mean to them or their organizations, according to iStorage.

The EU will soon have the power to fine companies €100 million or 5% of their annual turnover if they are found to be in breach of the new legislation – and GDPR compels anyone who holds data on EU citizens to implement adequate security measures to protect data from loss or theft.

With encryption largely recognized as the primary method of security by rendering data unintelligible to any unauthorized access, the forthcoming legislation exempts anyone from notifying the affected subjects if the data that was lost or stolen was encrypted.

“The EU’s position is very clear: all personal information must be protected by adequate security to prevent the loss or theft of data,” states John Michael, CEO of iStorage. “The majority of significant security breaches occur where confidential data has been stored on an unencrypted portable device. Organizations need to give serious consideration to minimizing the risks of loss by ensuring that all portable media devices containing personal information are robustly encrypted.”

90% of respondents to the survey at Counter Terror Expo in London confirmed that policies are in place within their organizations covering data protection matters, while a further 80% were specifically aware of who was directly responsible for data protection with these organizations.

Asked about the methods currently used to store business data, 22% confirmed the use of cloud technology, yet a sizeable number (65%) did not consider the cloud to be a secure method of storing confidential data.