Has your company hired a Data Protection Officer?
Provider of cyber security solutions that protect business-critical data and applications, Imperva, has announced the results of a survey of 310 IT security professionals taken at the Infosecurity Europe 2017 trade show. The results suggest that while the industry is preparing for the General Data Protection Regulation (GDPR), 22% haven’t yet hired a Data Protection Officer (DPO). Of those with no DPO, 52% aren’t planning on hiring a DPO until the second half of 2018 or beyond – after GDPR enforcement commences.
“A crucial takeaway from this survey is that companies need to be engaging with GDPR compliance now,” said Terry Ray, CTO of Imperva. “The fact that a high percentage of respondents said they had already hired a DPO is encouraging. GDPR will rear its head in ways that nobody predicted, so engaging early and being ready for every possibility is absolutely crucial.”
Another revelation from the survey is that when it comes to GDPR, many security professionals are banking on help from machine learning technology. Over half (55%) of the security professionals indicated that they believed AI or machine learning solutions could bear some of their considerable workload in the next three to five years, with 27% suggesting it could even be within the next year or two.
The GDPR gives individuals in the EU more control over their personal data and is designed to make sure that their personal information is protected, even outside the EU. It applies to businesses that offer goods and services to data subjects in the EU or monitor behaviour of data subjects in the EU, regardless of their industry or location of the business. It becomes effective on 25th May 2018. Organisations are focusing on GDPR compliance because fines for certain violations may be up to the greater of €20m or four percent of total worldwide annual turnover. Article 37 of the GDPR requires any organisation processing personal data on a large scale to retain an independent DPO.