The United Kingdom and the financial sector expected to be the first to be hurt by sanctions under the new regulation, which will enter into force within a year.
Boost your gains
Paris, may 29, 2017 – Varonis Systems, Inc. (NASDAQ : VRNS), a leading provider of software solutions for data protection against internal threats and cyber attacks, has published the results of a study indépendantei aimed to assess behaviour vis-à-vis the regulation eu general data protection (GDPR) which will come into force in a year.
Conducted among 500 it decision-makers in the United Kingdom, Germany, France and North America, this study reveals that 75 % of companies will have difficulties to prepare for this deadline. 42 % indicate that it is not a priority for them, despite the risks of financial penalties that could cost up to 4 % of their global turnover, or € 20 million (whichever is the higher of the two).
74% of French companies surveyed explain that they will have to face serious challenges in order to be in compliance with the GDPR. 58 % said they have already conducted an assessment of the impact on the data, or in an internal audit to determine who has access to personal identifying information held by their business. But 42 % of French companies have less than a year to carry out this assessment and address of access is too permissive. In addition, the results of the businesses that have made an assessment shows that the standards of regulation of data are sorely lacking to the extent that more than two-thirds (69 %) of businesses identified at least one case access too permissive to personal identifying information. This is in response to the levels equally alarming access too permissive to the data identified in the report 2017 Varonis on the risks associated with data which indicates that, in nearly half of the companies, at least 1 000 sensitive files containing personal identifying information is accessible to any employee.
When asked about the sectors that are most likely to be punished, if a company were to be the victim of a data breach, it decision-makers the French cite the areas of computing, technology and telecommunications (19 %), followed by the financial sector (18 %). When the question is about the country, 58 % (against 68 % in the united kingdom) agreed or strongly agreed that a company in the Uk will be penalised for example in case of a breach of any provision of the regulation GDPR to EU-the Brexit.
The difficulties of many businesses to prepare for the GDPR are among the main findings of the study :
55 % admit to having difficulties in applying article 17 of the regulation, the ” right to be forgotten “, according to which they must be able to locate and target specific data in order to automate their removal at the request of the consumer.
52 % are struggling to locate personally identifiable information on their network, to determine who has access to it and accesses, and to know to which time these data can and should be deleted in accordance with article 30, ” Register of the processing activities “.
50 % have problems with the article 32, ” Security of processing “, under which they must implement access privileges are reduced to a minimum, establish a system of responsibility, with the holders of designated data, and produce reports attesting that the policy and relevant processes are active and effective.
“The conclusion most worrying is that one in four does not know where resident its sensitive data,” commented Christophe Badot, Director General France of Varonis. “For these companies, the awakening might be brutal in a year. In the absence of a perfect visibility on the location of their sensitive data, and on the people who access it and accessing it, their chances of complying with the regulation are slim, which puts them in the top of the list of firms that will expose it to sanctions. ”
“Companies in the public sector are clearly those that have the most difficulty complying with the regulation : they are much more likely to lack of budget (26 % of the public sector companies have a separate budget provided for this purpose, compared to 41% in the private sector),” says Christophe Badot. “We received a considerable number of calls from public-sector organizations because they do not have the funds or the skills necessary to ensure their compliance in a timely manner. Unless a change before the deadline set for the month of may of the next year, the CNIL could very well impose financial penalties to government agencies, already short of money, and weakened by an avalanche of cyber-attacks, such as the recent rançongiciel WannaCry. ”
[1] Conclusions of an independent study commissioned by Varonis and carried out by VansonBourne. The study focuses on a panel of 500 it decision-makers from companies with 1,000 or more employees (100 people surveyed in the United Kingdom, France and Germany, and 200 in North America). It was conducted between April 17 and may 9, 2017.
About Varonis
Varonis is the leading provider of solutions to protect the data against internal threats and cyber attacks. With the launch of a software platform, innovative, Varonis enables organizations to analyze, protect, manage and migrate their unstructured data. Varonis is specialized in file systems, and e-mail containing valuable documents in word processing, spreadsheets, presentations, audio and video clips, e-mails and texts. These data are expanding rapidly, offer often information of a financial nature, projects, products, strategic initiatives, intellectual property as well as confidential information about employees, clients, patients or customers. The personal computer and operating deploys the software Varonis in a variety of contexts of use, data security, governance and compliance, the analysis of the behavior of users, archiving, searching, synchronization and sharing of files. With offices and partners worldwide, Varonis had approximately 5 350 customers at December 31, 2016. Among them are major corporations in financial services, public services, health services, retail, insurance, technology, media and entertainment, energy, education as well as companies in the industrial sector.
Boost your gains