Global report: Australian organisations still not ready to comply with the European GDPR

Webroot Report Reveals Businesses in Australia, the United States, and the United Kingdom are Not Yet Paying Attention to Citizens’ Data Beyond Their Own Borders

96% of Australian IT Decision Makers do Believe There Will be Fewer Data Breaches as a Result of Stronger Data Protection Policies

Webroot has revealed results from its new global report, “Data Privacy and Regulation: The Worldwide Race to Comply.” In light of new data privacy legislation, the report looks at how businesses in Australia, the U.S. and the U.K. are adjusting to new data security measures in order to meet compliance requirements.

Specifically, the report measures organisations’ readiness to comply with the European Union’s General Data Protection Regulation (GDPR), which will take effect May 25, 2018, and Australia’s Notifiable Data Breaches (NDB), which came into effect on February 22, 2018.

The results reveal that almost all (95 percent) of IT decision makers (ITDMs) surveyed – including 96% of Australian ITDMs – agree that there will be fewer data breaches as a direct result of stronger data protection policies.

 

Key Global & Local Findings and Analysis:

  • In terms of compliance, confidence levels are high across the board. The majority (96 percent) of Australian ITDMs feel confident that their fellow employees are equipped to comply with GDPR or NDB.
    • 96% of Australian ITDMs do believe there will be fewer data breaches as a direct result of stronger data protection policies
    • 78% of Australian ITDMs working for companies doing business in the EU feel they could comply with rules requiring them to disclose all personal data collected on individuals within one month of request.
    • Interestingly, UK ITDMs are less confident than those in the U.S. and Australia about their ability to provide all information on EU citizens, with only 18% of UK ITDMs being confident they could provide the information within one month of request.
  • But, reality on the ground is different:
    • While 89% of Australian respondents said their organisation was compliant with the Data Breach Notifications scheme, only 9% said they were actually ready to comply with GDPR
    • Also, almost a quarter (22%) of Australian respondents are not confident their organisations could comply with these rules requiring them to disclose all personal data collected on individuals within one month of request.
  • Employee training on compliance also shows major disparities between IT staff and the rest of Australian employees
    • While 94% of Australian IT decision makers are confident their employees are equipped to comply with GDPR and DBN, only about a quarter of Australian organisations (24%) have only trained IT Staff on GDPR compliance,
    • and 43% have only trained – or are in the process of training – IT staff re DBN regulation and compliance.

Key Quote:

Dan Slattery, Senior Information Security Analyst, Webroot

“Both our local and global regulatory landscapes are tightening, and we’ll likely see more regulations come our way in the coming years as citizens are looking for more privacy. The cyber threat landscape is becoming more complex every day, and hackers are constantly finding new ways to take advantage of the myriad of data created by the growing number of connected devices. Data protection and cyber security strategies need to become business priorities, and it is important Australian organisations partner with experts in this domain if they want to keep building trust among their customers and employees, and regulators.”

Advice for Businesses:

  • Know your data. You must know what personal data your organisation has, where it’s stored, and in what systems. Regularly schedule audits and allocate resources for this work.
  • Delete. Make sure any data you do not need is deleted securely. There are legal requirements for maintaining certain types of data, but when data retention is not required, disposing of it helps reduce risk.
  • Communicate. With any process change, effective communication is essential. Proper internal communications with employees and external communications with suppliers will help make them aware of changes and give them time to amend their own processes.
  • Assess. When auditing personal data processes in relation to GDPR and NDB, consider if a privacy impact assessment is required.
  • Comply. If there is a security breach within your organisation, follow the rules outlined by GDPR and NDB. Under these regulations, it’s essential to be transparent and inform affected individuals within the specified timeline.

Report Methodology:

Commissioned by Webroot and issued in conjunction with Wakefield Research, the survey was conducted among 600 IT decision makers at mid-sized businesses with 100 to 499 employees in three countries: U.S., U.K., and Australia, between March 15 and March 26, 2018.

About Webroot
Webroot was the first to harness the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We provide the number one security solution for managed service providers and small businesses, who rely on Webroot for endpoint protection, network protection, and security awareness training. Webroot BrightCloud® Threat Intelligence Services are used by market leading companies like Cisco, F5 Networks, Citrix, Aruba, Palo Alto Networks, A10 Networks, and more. Leveraging the power of machine learning to protect millions of businesses and individuals, Webroot secures the connected world. Headquartered in Colorado, Webroot operates globally across North America, Europe, and Asia. Discover Smarter Cybersecurity® solutions at webroot.com.
