Dell Survey Shows APAC
Organizations Lack Awareness and Preparation for New European Union General
Data Protection Regulation (GDPR)
· Almost 90 percent of APAC respondents know few
details or nothing about GDPR
· Less than one in three companies feel they are
prepared for GDPR today
· 93 percent of companies don’t have a plan to
be ready for GDPR
· Only eight percent of IT and business professionals
are confident they will be fully ready for GDPR in APAC
Singapore – Oct. 12, 2016 – Dell today announced results
of a global survey on the European
Union’s new General Data Protection Regulation (GDPR), revealing that organizations ‒ both SMBs and large
enterprises ‒ lack general awareness of the requirements of the new regulation,
how to prepare for it, and the impact of non-compliance on data security and
business outcomes.
Designed to strengthen protection of personal data for all EU
citizens, the new regulation goes into effect in May 2018 and affects companies
of all sizes, in all regions, and in all industries. Those not fully compliant
when GDPR goes into effect risk significant fines, potential breaches and loss of
reputation.
Survey
results show that 76 percent of IT and business professionals
in APAC (Australia, New Zealand, Singapore, Hong Kong and India) responsible
for data security at both SMBs and enterprises are concerned with GDPR
compliance. Although the majority of APAC IT and business professionals
express compliance concerns, respondents lack general awareness of GDPR, and
they are neither prepared for it now nor expect to be when it goes into effect.
· Almost 90 percent of respondents say they know
few details or nothing about GDPR
· Less than one in three companies feel they are
prepared for GDPR today
· 71 percent of IT and business professionals
in the APAC region say their company is not prepared for GDPR today, or
they don’t know if it is, and only seven percent of these respondents have a plan for
readiness
· Nearly all APAC companies (93 percent) don’t
have a plan in place when GDPR kicks off in 2018
Results further show that while organizations realize failure to
comply with GDPR will impact both data security and business outcomes, they are
unclear on the extent of change required, or the severity of
penalties for non-compliance and how changes will affect the business.
Eighty-five percent say they would not, or were not aware whether their
organization would face penalties in its approach to data privacy if GDPR had
been in effect this past year.
· Of the 15 percent of APAC respondents who said
they would face a penalty if GDPR were in place today, 30 percent think it
would require only an easy remediation, or don’t know the penalty
· Close to 50 percent believe they would face a
moderate financial penalty or manageable remediation work
· Almost 20 percent expect significant changes
in current data security practices and technologies
Additional findings show that most organizations don’t feel
well-prepared across security disciplines for GDPR compliance.
· Less than half of respondents feel
well-prepared for any of the security disciplines impacting GDPR
· Only 16 percent feel well-prepared for access
governance, a key security discipline for GDPR
· More than 70 percent of enterprise respondents
in APAC either are not or don’t know if they are prepared for GDPR. Nearly 70
percent of SMB respondents in this region said they are not or don’t know if
they are prepared for GDPR
· Ninety-five percent of APAC respondents say
their existing practices will not satisfy the new GDPR requirements
Best practices help
successfully address GDPR requirements and avoid the consequences of
non-compliance
The EU GDPR was adopted by the European
Parliament and Council this year and becomes fully effective in 2018. Below are
tips and strategies to help organizations adhere to security disciplines needed
for GDPR regulations, so they can protect customer personal information, and avoid
the data breaches, heavy fines and loss of reputation that may result from
non-compliance:
· Hire a data protection officer (DPO). A requirement for GDPR, the position can be
full-time, or filled by an employee with other responsibilities or an
outsourced agency. The good news is that a designated DPO can be used as a
service, so some system integrators or resellers could offer this as a service
to grow their businesses.
· Deploy a firm access governance solution. The ability to govern access to applications
that permit access to EU citizens’ personal data ‒ particularly unstructured
data ‒ is a major factor in data security and GDPR compliance. Governance
generally requires periodic review of access rights by line-of-business managers
and attestation (or recertification) that the permissions align with their job
roles and do not compromise data security. The One Identity family
of Identity and Access Management solutions provides this level of visibility
and control.
· Control access management. To satisfy GDPR, employees and contractors
must have the correct access permission to do their jobs and nothing more. The
right identity and access management technologies that facilitate this level of
control include multi-factor authentication, secure remote access,
risk-based/adaptive security, granular password management, and full control
over privileged user credentials and activity.
· Protect the perimeter. Deploy next-generation firewalls to reduce
the network’s exposure to cyber threats, mitigate the risk of data leaks that
could lead to a data breach resulting in stiff penalties assessed under GDPR,
and deliver the forensic insight required to prove compliance and execute
appropriate remediation following a breach. The Dell SonicWALL next-generation firewalls
protect against emerging threats and feature deep packet inspection; real-time
decryption and inspection of SSL sessions; adaptive, multi-engine sandboxing;
and full control and visualization of applications.
· Facilitate secure mobile access.
Foster the secure flow of covered data while enabling employees to access the
corporate applications and data they need in the way they prefer, and with the
devices they choose. Enhance data security (while removing access obstructions)
by combining identity components, device variables and temporal factors (time,
location, etc.) to deliver an adaptive, risk-based approach that ensures the
right access all the time, every time, while concurrently improving data
protection and GDPR compliance.
· Ensure email security.
To fulfill GDPR requirements, achieve full control and visibility over email
activity to mitigate the threat of phishing and other email-based attacks on
protected information, while enabling the secure and compliant exchange of
sensitive and confidential data.
Methodology
In the survey, conducted by Dimensional Research, 821 IT and
business professionals responsible for data privacy at companies with European
customers responded to questions about awareness, perception and readiness for
GDPR, and the expected impact of non-compliance when GDPR comes into force in
May 2018. The survey was conducted across the United States, Canada, Asia
Pacific (Australia, Hong Kong, Singapore, India), United Kingdom, Germany,
Sweden, Belgium, The Netherlands, France, Italy, Spain and Poland. Business
executives at organizations with fewer than 100 employees also completed the
survey.
This press release focuses on the survey findings from
respondents based in the APAC region only.
Supporting Quotes:
Lennie Tan, Sales Director, Identity and Access Management, Dell APJ
“The European Union General Data Protection Regulation is the
first update to European data protection laws since 1995 when the Internet was
in its infancy and the constantly evolving cyber threats we know today did not
exist. This survey reinforces the global lack of general understanding of
GDPR, the scope of the regulation, and what organizations need to do to avoid
stringent penalties. Results also show that while some organizations “think”
they are prepared, they will be in for a rude awakening if they experience a
breach or must face an audit and are subject to the consequences of
non-compliance with GDPR.”
Eric D’Angelo, Regional Sales Director, Asia Pacific, Dell
Security
“This new regulation provides uniform data protection rights
across the EU, and, to be in compliance, both European organizations and those
outside of Europe that do business there must adopt an adaptive, user-centric,
layered security model approach around the tenets of prevent, detect, respond
and predict. To be GDPR-compliant, they need security solutions that enable
them to prevent attacks, detect a potentially dangerous presence in their
networks, respond quickly to that threat, and analyze and report on the health
of their networks in real time.”
IDC
“Don’t put off early consideration of GDPR by
the two-year implementation period. The scale, complexity, cost and business
criticality of GDPR means that it will take (at least) two years for most
companies to achieve full compliance. Most companies need to start now.”1
Supporting Resources:
· Dell Software YouTube: http://www.youtube.com/user/DellSoftwareVideo
· Dell Security Solutions: https://security.dell.com/
· Facebook: https://www.facebook.com/sonicwall
1 “Executive Brief on GDPR: A Primer
for Getting Started Towards Compliance,” by Duncan Brown, IDC, March
2016