Research performed by Securedata shows that many IT professionals are concerned about the effects the EU’s proposed General Data Protection Regulation will have on their businesses. To see CBR’s summary of the proposals so far click here.
59% of IT managers surveyed believe these regulations will increase the cost burdens on their businesses.
As CBR reported last week – much of this worry is coming from loose definitions of the proposals, as well as the introduction of ‘independent’ Data Protection Officer’s (DPO) for businesses of over 250 staff. See story here.
Securedata’s research suggests that already 26% of respondents are looking at outsourcing their DPO requirements.
72% of respondents from the largest businesses (3,000 employees+) said the draft data protection rules would cost their business more, while only 64-58% agreed that the that the new regulations would improve business security and data protection.
Another 40% are concerned that the proposed 24-hour deadline for notifying individuals of a data breach would advertise company security weaknesses before an appropriate security review could be completed. This appears to be in response to issues such as Sony’s Playstation Network hacking, which saw the company attempt to cover up the intrusion rather than go public.
One of the more controversial requirements is the new "right to be forgotten". This would allow consumers to ask for data about them to be deleted. Organisations will have to comply unless there are "legitimate" grounds to retain it. How this will work is unclear, as some organisations are bound by agreements (such as banks) to hold on to this kind of data for fraud and regulatory purposes.
Content from our partners
It is also an unusual requirement in that this kind of rule already exists in UK law – businesses are not allowed to keep information without good reason.
Carl Shallow, head of compliance at SecureData believes that finding the right balance is vital.
"Across the enterprise questions must be asked about exactly what is sensitive data and where does it reside. There is frequently an abundance of ‘lost’ unstructured data siloed across the largest organisations’ IT estates. The new act is an ideal opportunity to review data governance procedures and management solutions."
