Organisations “still not GDPR compliant” say 68% of respondents to Infosecurity Europe poll

A little over 12 months since the EU’s General Data Protection Regulation (GDPR) came into force, there still appears to be a lack of confidence in its application. That’s according to the latest Twitter poll conducted by the organisers of Infosecurity Europe 2019. The majority of respondents to the poll (68% of them, in fact) believe that organisations have not taken the GDPR seriously enough and are still not compliant.

Doubt about enforcement of the GDPR is reflected in further results of the poll. When asked whether they believe that GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half (47%) of respondents agreed that they were.

Governance, risk and compliance continues to be a key issue faced by the cyber security industry. It’s also one of the top trends within the cyber security industry in 2019, according to Infosecurity Magazine’s second annual State of Cyber Security Report, which is based on interviews with industry professionals from across the globe and is scheduled to be launched at Infosecurity Europe. The show runs at London’s Olympia from 4-6 June.

Regulatory controls

Early exclusive extracts taken from the State of Cyber Security Report indicate that, despite compliance being the standout industry trend in the 2018 report, it has dropped in the 2019 document. That said, the respondents in this year’s report indicate that regulatory controls will remain a driver in the EU and beyond. Others mention the failures of data protection regulators to actually push the regulatory charges. However, on a more positive note they firmly believe that the GDPR in tandem with other compliance regulations has done much to promote the cause for effective incident response.

The Infosecurity Europe Twitter poll also revealed just over a third (38%) of respondents believe that GDPR compliance has dominated their organisation in the last 12 months, while also hindering their plans for other cyber security projects. This indicates that some cyber security initiatives have continued, despite the weight of the GDPR on all organisations to become compliant or face hefty fines.

One of the contributors to the annual State of Cyber Security Report, namely Perry Carpenter (chief evangelist and strategy officer at KnowBe4), commented: “While excitement about regulation has died down a little, the introduction of the GDPR has had both positive and negative impacts. The GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way in which they handle data in the face of changing regulatory requirements. The GDPR and other compliance regulations have a great deal to promote the application of foundational information security and privacy-related practices. A potential downside, however, is that many organisations still assume meeting a compliance requirement is the same as being secure. Of course, history tells us that compliance and security are not the same thing.”

Complicated trend

Dan Raywood, contributing Editor to Infosecurity Magazine and author of the State of Cyber Security Report, added: “Compliance is a complicated trend to fully evaluate. While it’s something that needs to be acted upon, the stronger enforcement and regulation that had been hyped in the build-up to the GDPR hasn’t really materialised. Therefore, it may force some to think that compliance doesn’t have to be taken as seriously as we’re expected to believe.”

Raywood continued: “At Infosecurity Europe in the Talking Tactics Theatre on Thursday 6 June at noon, I’ll be presenting the findings of our 2019 report in further detail and discussing their relevance with a view to delivering an understanding of what’s driving cyber security trends now and what will drive those trends in the years to come.”

*Governance, risk and compliance will be a key theme at Infosecurity Europe 2019. To register your attendance visit the event’s website

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
