Updated: Apr 13
It’s been over a year now since the implementation of the General Data Protection Regulation (GDPR) and so far, so good. According to a study conducted by TrustArc and published last summer, companies have been making an effort to comply with the privacy regulation. In fact, 74% of the survey's respondents from the US, the UK and throughout Europe were said to be compliant by the end of 2018, a figure expected to rise to 93% by December of 2019.
However, it is expected that some companies that claim to be compliant may have overlooked a crucial factor or two when it comes to privacy protection, which could eventually hurt not only their customers but the company itself.
According to Matt Radolec, the head of security and incident response at Varonis, companies need to remember that in order to fully comply with GDPR, they need to properly invest their money, resources and energy into compliance. Simply put: millions should be spent on data security to avoid having to spend even more on fines for a data breach.
Furthermore, companies should also keep in mind that GDPR is more than just protecting customer data. Beyond this, the policy also requires companies to protect the data of their employees and the customers of their customers.
Some companies have the misconception that GDPR isn’t for business-to-business, which is most definitely not the case, says Enza Iannopollo, a senior analyst on Forrester’s Security & Risk team.