Alert Logic, the leading provider of Security-as-a-Service solutions, today announced data from Crowd Research Partners’ 2018 GDPR Compliance Report that shows only seven percent of companies were on track to achieve European Union General Data Protection Regulation (GDPR) compliance by the May 25, 2018 deadline, with the majority citing lack of expert staff for their failure to comply with the newly-implemented regulation. The study finds the second and third most cited reasons for non-compliance are budgetary constraints and a limited understanding of the GDPR requirements, respectively.
The industry report, co-sponsored by Alert Logic and other cybersecurity providers, benchmarks the readiness of companies to comply with the GDPR, identifies top barriers to achieving readiness, and explores how companies are tackling compliance with the new data privacy law. The report summarises responses from a survey of 531 information technology, cybersecurity, and compliance professionals. The results underscore the widely varying maturity levels of GDPR compliance plans across organisations—and the considerable effort they face in terms of financial costs and man-hours required to implement all the technical and organisational controls required by the GDPR.
The study also found approximately one third of companies reported they will need to make substantial changes to data security practices and systems to comply with the GDPR. Identifying and mapping user data to protected GDPR categories was the top ranked initiative for meeting GDPR compliance—cited by almost three quarters of report respondents. This was followed by evaluating, developing, and integrating solutions that enable GDPR compliance.
“We are seeing a substantial increase in organisations with strained resources, especially cyber-security staffing, who need to comply with regulations like GDPR along with PCI DSS, HIPAA & HITECH, and SOX,” said Bob Lyons, CEO, Alert Logic. “Alert Logic can help these organisations achieve compliance quickly and reduce the risk of stringent fines from GDPR non-compliance—without having to hire more people—through an integrated solution that includes robust security compliance controls and expert services.”
GDPR Breach Detection and Notification
The GDPR introduces a requirement for breach detection and notification not found in other compliance regulations. Lyons added, “With GDPR, organisations have 72 hours to notify authorities, and impacted users in some cases, if a breach is detected. Our cybersecurity experts personally reach out to our customers within 15 minutes if they identify a breach, attacks or suspicious behaviour that could lead to a breach, thus enabling our customers to maximise their response time prior to the breach notification deadline.”