View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
February 5, 2018

Why GDPR is Keeping CIOs Up at Night

Now that the GDPR launch date looming, it’s comes as no surprise that 87% of CIOs are worried about how it will affect their organisation.

By James Nunns

In four months, the GDPR will start being enforced and according to a study by Egress


Kris Lahiri, co-founder & Data Protection Officer, Egnyte.

Software Technologies, concern among CIOs has reached an all new high. Data breaches are in the news and with the GDPR promising enormous fines for non-compliance –  when added to the risk of falling stock value, customer trust or even a class action lawsuit – 2018 may be a stressful year for some CIOs


Panic on the streets

Now that the GDPR launch date looming, it’s comes as no surprise that 87% of CIOs are worried about how it will affect their organization, and how they’ll provide measures to secure their sensitive data. Is it even possible to prevent a cyber attack? Or at least be able to demonstrate reasonable safeguards in case a breach occurs?


Priorities from concerns

When asked to list priorities their priorities for GDPR compliance, a whopping 40% of CIOs named external threats as being their main focus, with 21.5% being more concerned about insider threats and a fraction less worried about an accidental data loss (21%). Only 9.5% of those asked were concerned about a breach relating to technology malfunction. To fully take on the GDPR, it seems CIOs will need a comprehensive cure to all of these concerns, as well as total insight into all data stored on citizens from all 28 EU countries.


Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
You can lead a horse to water

Simply adding another piece of technology to a app-crowded workplace has generally been a quick fix, but according to the Egress report, 77% of CIOs had huge concerns about how employees use (or not use) the technology they provide to securely share content. Trying to get employees to follow the CIOs guidelines can often be as hard as creating the guidelines in the first place, with many citing communication as the main culprit.

Whatever solution a CIO explores to address GDPR, it must be designed for end users beyond the IT department and work in harmony with popular industry applications. The best way for employees to adopt secure collaboration is when it’s embedded in the core of the digital workspace, instead of an added extra that can simply be bypassed.


The quick fix conundrum

Another interesting statistic in the research revealed that 83.5% of CIOs prioritise ease of deployment when choosing a GDPR solution. Some of the deployment issues they raised included increased pressure on IT support (44%), disruption to work processes (31.5%) and complicated integrations (23%). The struggle is finding a solution that can be deployed with minimal cost and disruption, but with many businesses storing data across the globe in siloed repositories, not to mention files stored in the cloud, updating systems for GDPR may prove too troublesome for some.


Think beyond compliance

Unfortunately, data compliance won’t automatically mean a company is safe from data loss. Many organizations with the latest technologies have still suffered costly data breaches. There are so many ways in which a company can fall foul of data protocols that focusing only on compliance may prove detrimental in the long run.

A real bullet-proof approach to data protection should derive from the daily strategies, activities and business arrangements of a company as a whole. According to CEO of Egress Tony Pepper the “solution is making security as easy to use as possible. If security makes processes more complicated or time-consuming people will find a way to avoid it; if it’s seamlessly integrated into the everyday tools they are used to handling then they will have no reason to resist.”


Concerns are good, but are they correct?

While concern about GDPR is valid, the report by Egress seems to show that much of the concern may be in the wrong places. Despite the fear of having sensitive data exposed by employees, only 20% of CIOs are focusing on accidental breaches. A pretty low percentage when you consider figures obtained from the ICO, via a Freedom of Information (FOI) revealed that 93% of breaches are the result of human error. It could be said that CIOs are concentrating their efforts too much on outside threats to their networks.

When the biggest vulnerability stems from internal error or lack of process, it seems counterproductive to focus a majority of efforts on preventing an external breach. When you consider the (seemingly) endless reports of accidental data breaches and the human error involved, it becomes clear that many CIOs are placing their concerns in the wrong places.


Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.