Half of enterprise IT decision makers are concerned that the security measures they have in place will not meet the new EU Data Protection regulations, GDPR. The new regulations come into force on 25 May 2018. While some business leaders are railing against the notion of a fine of 4 percent of global turnover for a serious data breach, others see it as a chance to get their information security house in order and tighten up the poor practices, policies and procedures that could place them in the invidious position of receiving a large fine.

But can we ever learn to love data protection regulations and use them to improve business practices? In fact, yes. The research quoted above clearly indicates that one business area sees cause for concern. Part of the problem in understanding data protection, as identified by the research, is that many of the respondents were IT Decision Makers (ITDMs), and data protection, while frequently part of the IT remit, should never be seen solely as an IT responsibility.

So the fact that only half are concerned is actually quite generous of them, even with 55 percent of them saying that they feel end users do not understand the risks that poor data security poses to the business. There is only so much an IT department can do. If, as the report suggests, a quarter of ITDMs feel end users are the biggest threat to enterprise security, we therefore need to examine what measures are in place to secure the behaviour of those end users, instead of expecting IT to handle the whole data protection arena and absorb the changes that the GDPR brings to the business.

Jul-Sep 2016 Issue

Advent IM Ltd