Webroot, the Smarter Cybersecurity® company, revealed results from its new global report, “Data Privacy and Regulation: The Worldwide Race to Comply.” In light of new data privacy legislation, the report looks at how businesses in the U.S., U.K., and Australia are adjusting to new data security measures in order to meet compliance requirements.
Specifically, the report measures organizations’ readiness to comply with the European Union’s General Data Protection Regulation (GDPR), which will take effect May 25, 2018, and Australia’s Notifiable Data Breaches (NDB), which came into effect on February 22, 2018. The results reveal that almost all (95 percent) of IT decision makers (ITDMs) surveyed agree that there will be fewer data breaches as a direct result of stronger data protection policies.
Key Global Findings and Analysis:
- Organizations stick close to home when it comes to gathering and using personal information. Almost all (99 percent) of U.K. ITDMs compile data from within the European Union, similarly to those in Australia (99 percent) and the U.S. (100 percent) who pull personal information from customers within their own countries.
- ITDMs in the U.S. reveal they are behind in both GDPR and NDB compliance, with a total of only 12 percent saying they are currently compliant, whereas nearly all (99 percent) of U.K. businesses claim to be GDPR compliant and a majority (89 percent) of Australian businesses claim to be NDB compliant.
- Confidence levels are high across the board. The majority (96 percent) of ITDMs feel confident that their fellow employees are equipped to comply with GDPR or NDB. Surprisingly, 78 percent of U.S. ITDMs indicate they are very confident, compared to the U.K. at 15 percent and Australia at 19 percent.
- U.K. ITDMs are less confident than those in the U.S. and Australia about their ability to provide all information on EU citizens within one month of request. U.S. ITDMs (83 percent) say they are very confident, significantly more than their U.K. (18 percent) and Australian (50 percent) counterparts. However, a total of 95 percent have some level of confidence in their ability to meet this request.
- All ITDMs report that their organization will be training their employees on GDPR and NDB regulations; however, only half (53 percent) of companies worldwide have already completed training for GDPR, and less than one fifth (19 percent) have completed training for NDB.
Megan Shields, Data Protection Officer, Webroot
“While it doesn’t come as much of a surprise that each respective country is focused on its own citizens’ data, organizations have to remember that in a global marketplace, their business impacts citizens beyond their own borders. We’re focused on offering our managed service partners solutions such as user training and endpoint protection to comply with the global regulations aimed at keeping data safe.”
Advice for Businesses:
- Know your data. You must know what personal data your organization has, where it’s stored, and in what systems. Regularly schedule audits and allocate resources for this work.
- Delete. Make sure any data you do not need is deleted securely. There are legal requirements for maintaining certain types of data, but when data retention is not required, disposing of it helps reduce risk.
- Communicate. With any process change, effective communication is essential. Proper internal communications with employees and external communications with suppliers will help make them aware of changes and give them time to amend their own processes.
- Assess. When auditing personal data processes in relation to GDPR and NDB, consider if a privacy impact assessment is required.
- Comply. If there is a security breach within your organization, follow the rules outlined by GDPR and NDB. Under these regulations, it’s essential to be transparent and inform affected individuals within the specified timeline.
Commissioned by Webroot and issued in conjunction with Wakefield Research, the survey was conducted among 600 IT decision makers at mid-sized businesses with 100 to 499 employees in three countries: U.S., U.K., and Australia, between March 15 and March 26, 2018.
Webroot was the first to harness the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We provide the number one security solution for managed service providers and small businesses, who rely on Webroot for endpoint protection, network protection, and security awareness training. Webroot BrightCloud® Threat Intelligence Services are used by market leading companies like Cisco, F5 Networks, Citrix, Aruba, Palo Alto Networks, A10 Networks, and more. Leveraging the power of machine learning to protect millions of businesses and individuals, Webroot secures the connected world. Headquartered in Colorado, Webroot operates globally across North America, Europe, and Asia. Discover Smarter Cybersecurity® solutions at webroot.com.