UK struggling to understand EU General Data Protection Regulation (GDPR), reveals Delphix
European survey reveals fundamental lack of understanding about General Data Protection Regulation (GDPR) and highlights the opportunity to accelerate IT projects as compliance improves the availability of secure data
London, UK - June 2016 - Delphix, the market leader in data virtualisation software and masking tools, has revealed more than one in five UK businesses have no understanding of the impending General Data Protection Regulation (GDPR) being introduced by the EU. A further 42 per cent in the UK have looked into some aspects of the GDPR but not into the pseudonymisation tools that the legislation recommends. Approximately one in five of those that have studied the pseudonymisation requirements in the GDPR admit that they are having trouble understanding them.
"The GDPR defines pseudonymisation as the processing of ensuring data is held in a format that does not directly identify a specific individual without the use of additional information," explained Iain Chidgey, VP International at Delphix. "To address the challenges of a digital age and limit the risk to individuals that have their data breached, the GDPR incentivises organisations to pseudonymise their data at several different points."
France currently has the best understanding of pseudonymisation in the GDPR, with 38 per cent of respondents claiming they fully understand pseudonymisation requirements compared to 21 per cent in Germany. However, confusion still reigns in Germany, with 40 per cent revealing that they have studied pseudonymisation requirements in the GDPR but are having trouble understanding them.
"When it comes to protecting personal information, data masking and hashing represent the de facto standard for achieving pseudonymisation," continued Iain Chidgey. "Take the unprotected personal information that is often freely available in the non-production environments that are used for software development, testing, training, reporting and analytics. By replacing this sensitive data with fictitious yet realistic data then businesses can neutralise data risk while preserving its value. Data masking irreversibly transforms sensitive data to eliminate risk and allows organisations to demonstrate compliance with the pseudonymisation requirements in the GDPR."
Currently, just a quarter of data in the UK and Germany is masked, compared to a third in France. Respondents in the UK claimed that the biggest challenges to data masking are that data is sprawled throughout the organisation with little central control (32 per cent) and that it takes too long and delays projects (42 per cent). A further 26 per cent in France and Germany also claimed that data masking tools are prohibitively expensive. As a result of the new legislation, nearly half of data in the UK and Germany will be masked by 2018 (48 per cent and 47 per cent respectively). In France, this figure will be even higher, rising to 60 per cent.
On a scale of one to five, one being very important and five not being very important, 67 per cent of businesses in the UK ranked the reduced likelihood of fines for non-compliance as one of the biggest benefits of pseudonymisation. A further 64 per cent claim it will reduce the risk to their brand in the event of a data breach, with 57 per cent believing that it will enable teams to identify, audit and report on data.
However, as organisations secure data through pseudonymisation, it will also create opportunities for the business, improving the availability of secure data that can be used to accelerate IT initiatives and support innovation. Reflecting this, the biggest benefits of pseudonymisation in France and Germany are expected to be accelerating IT and business processes that depend on access to secure data (57 per cent and 48 per cent respectively) and reducing the risk to the organisation's brand in the case of a data breach (57 per cent and 49 per cent respectively). A further 54 per cent in France and 44 per cent in Germany also claimed that it would reduce the amount of time and money invested in data protection initiatives.
"For many organisations, the GDPR will not only force them to ensure compliance and reduce the risk of a data breach but it will also help to usher in a new wave of IT innovation," stated Iain Chidgey. "As organisations look at how they store, manage and secure data as part of compliance demands there is also an opportunity to think about how data can be better used. Embracing new technologies, including those that combine data virtualisation with data masking, ensures that organisations can pseudonymise data once and guarantee that all subsequent copies have the same protective policies applied. This will future proof the business from costly data breaches and ensure compliance while improving agility and time-to-market."
The survey also revealed that responsibility for data protection will sit firmly within the C-suite, but few organisations have appointed a chief data officer or a chief privacy officer. In the UK, 52 per cent listed the CISO or head of IT security as responsible. A further 18 per cent cited the chief data officer or data protection officer, followed by the CEO or CIO (17 per cent). Over a third (35 per cent) of French respondents said that responsibility for data protection primarily sits with a chief data protection officer, 25 per cent named the CISO and head of IT security and 23 per cent named the CEO or CIO. In Germany, nearly half (44 per cent) said that the CISO or head of IT security was responsible for data protection, followed by the CEO or CIO (30 per cent) and the chief data officer or data protection officer (18 per cent). The lack of consistency regarding who is responsible for data highlights the need for organisations that are addressing the General Data Protection Regulation (GDPR) to take the appropriate steps and regain control over data governance by introducing tools that drive standardisation and privacy by design into processes.
Delphix is the market leader in Data as a Service and data masking solutions, which help enterprises accelerate application projects by 50 per cent, including ERP rollouts, custom development, and migrations to private and public clouds. Delphix provides its DaaS Platform as on-premises or cloud software that automatically delivers the right data to the right team at the right time, instead of relying on complex processes and multiple IT teams to manually move unsecured data across systems. Over 20 per cent of the Fortune 100 use Delphix to deliver data 99 per cent faster across development, testing, and reporting environments, driving dramatic increases in productivity while improving data security. Delphix is headquartered in Menlo Park, California, with offices around the world.