More than two thirds of businesses are not considered GDPR-compliant one year on.
This is according to a poll from Europe’s number one information security event, Infosecurity Europe 2019, which revealed a lack of confidence in the application of GDPR.
The poll reveals that 68% of respondents believe businesses have not taken GDPR seriously and are still not compliant, despite the regulation having come into force on 25 May 2018.
Further results from the Infosecurity Europe poll reveal a lack of confidence in the enforcement of GDPR. One of the questions asked whether respondents believed regulators were too relaxed when it came to enforcing standards and following up with organisations. In answer to this, 47% said they believed regulators were too relaxed.
The poll, which focused on whether or not firms were GDPR-compliant, also revealed that 38% of respondents felt this issue had dominated their organisation over the last year, taking the focus away from pressing issues such as plans for projects.
Within the cybersecurity industry, governance, risk and compliance all continue to be key issues, according to a State of Cybersecurity annual report, based on interviews with industry professionals all over the world.
One of the contributors to the report, Perry Carpenter, commented: “While excitement about regulation has died down a little, the introduction of GDPR has had both positive and negative impacts.
“GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way they handle data in the face of changing regulatory requirements.
“GDPR and other compliance regulations have done a lot to promote the application of foundational information security and privacy-related practices.
“A potential downside, however, is that many organisations still assume that meeting a compliance requirement is the same as being secure – of course history teaches us that compliance and security are not the same thing.”