News

Half of Organisations Not Prepared for GDPR

MSPs
Almost half of UK-based organisations still do not understand what the upcoming General Data Protection Regulations (GDPR) are, according to research from Nexsan. With the legislation coming into effect from May 25th 2018, organisations have less than a year to prepare, or risk fines of up to 4% of their global revenue.

Despite awareness efforts, a recent survey of over 100 respondents revealed that almost half (48%) did not know what GDPR is. The new legislation is set to replace the EU data protection directive and will hold organisations responsible for any personal data they retain. In addition, when asked about business preparations, only 40% could confirm that their organisation is actively working towards compliance. The statistics revealed a clear challenge in the market and the difficulty appears to be in educating businesses about the new legislation.

Whether organisations keep data on-site, in the cloud or outsource to a third-party service provider, the fundamental responsibility for safeguarding this information lies with the data owner. IT professionals need to put measures in place to safeguard data, especially with the recent rise in ransomware attacks. Part of the new legislation requires all organisations to report certain types of data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. Depending on the nature of the data breach, in some cases organisations will have a duty to report it to the individuals affected. GDPR covers a wide range of areas and if organisations are storing any amount of consumer data it’s critical they educate themselves in preparation to comply.

Geoff Barrall, COO at Nexsan, commented: “Businesses need to start taking measures to ensure they will meet GDPR regulations. Interestingly, the survey noted an almost equal split in the market, which may suggest that those potentially vulnerable organisations are the ones still unaware of the new legislation. Whether cloud-based or physically onsite, it’s key to ensure that the storage solution used provides the required security in addition to traditional criteria such as performance, expandability, and flexibility. There are simple steps businesses can take to remain compliant within the context of their data management and security and here at Nexsan we’ve been delivering solutions to these problems for years."

In the first episode of Comms Business Live David Dungay, editor of Comms Business, covered the impact of GDPR on the Channel with an expert panel. to view that episode click here.