A little over 12 months since the EU’s General Data Protection Regulation (GDPR) came into force, there still appears to be a lack of confidence in its application. That’s according to the latest Twitter poll conducted by the organisers of Infosecurity Europe 2019. The majority of respondents to the poll (68% of them, in fact) believe that organisations have not taken the GDPR seriously enough and are still not compliant.
A lack of confidence in enforcement of the GDPR is reflected by further results of the poll. When asked whether they believe that GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half (47%) of respondents agreed that they were.
Governance, risk and compliance continues to be a key issue faced by the cyber security industry. It’s also one of the top trends within the cyber security industry in 2019, according to Infosecurity Magazine’s second annual State of Cyber Security Report, which is based on interviews with industry professionals from across the globe and is scheduled to be launched at Infosecurity Europe. The show runs at London’s Olympia from 4-6 June.
Early exclusive extracts taken from the State of Cyber Security Report indicate that, despite compliance being the standout industry trend in the 2018 report, it has dropped in the 2019 document. That said, the respondents in this year’s report indicate that regulatory controls will remain a driver in the EU and beyond. Others mention the failures of data protection regulators to actually push the regulatory charges. However, on a more positive note, they firmly believe that the GDPR in tandem with other compliance regulations has done much to promote the cause for effective incident response.
The Infosecurity Europe Twitter poll also revealed just over a third (38%) of respondents believe that GDPR compliance has dominated their organisation in the last 12 months, while also hindering their plans for other cyber security projects. This indicates that some cyber security initiatives have continued, despite the weight of the GDPR on all organisations to become compliant or face hefty fines.
One of the contributors to the annual State of Cyber Security Report, namely Perry Carpenter (chief evangelist and strategy officer at KnowBe4), commented: “While excitement about regulation has died down a little, the introduction of the GDPR has had both positive and negative impacts. The GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way in which they handle data in the face of changing regulatory requirements. The GDPR and other compliance regulations have done a great deal to promote the application of foundational information security and privacy-related practices. A potential downside, however, is that many organisations still assume meeting a compliance requirement is the same as being secure. Of course, history tells us that compliance and security are not the same thing.”
Dan Raywood, contributing Editor to Infosecurity Magazine and author of the State of Cyber Security Report, added: “Compliance is a complicated trend to fully evaluate. While it’s something that needs to be acted upon, the stronger enforcement and regulation that had been hyped in the build-up to the GDPR hasn’t really materialised. Therefore, it may force some to think that compliance doesn’t have to be taken as seriously as we’re expected to believe.”
Raywood continued: “At Infosecurity Europe in the Talking Tactics Theatre on Thursday 6 June at noon, I’ll be presenting the findings of our 2019 report in further detail and discussing their relevance with a view to delivering an understanding of what’s driving cyber security trends now and what will drive those trends in the years to come.”
*Governance, risk and compliance will be a key theme at Infosecurity Europe 2019. To register your attendance visit the event’s website