Print.IT - issue 46 - page 7

BULLETIN
GDPR: no time to lose

With less than a year until the deadline for General Data Protection Regulation (GDPR) compliance, 73% of European CIOs and IT managers are concerned that their organisation might not be able to meet the time-scale.

A survey of 750 CIOs and IT managers from France, Germany and the UK by NetApp also highlights a worrying lack of urgency ahead of the May 25, 2018 deadline, with only 37% of respondents having invested extra funds in data regulation compliance.

NetApp warns that many business managers remain ignorant of their responsibilities. Of the UK respondents only 12% say they fully understand what GDPR involves and just 17% have hired personnel with data protection expertise.

NetApp points out that while the originator of data remains its owner, under GDPR anyone who processes that data is also responsible.

However, 51% of the survey respondents say responsibility for compliance rests with the company that produces the data; 46% say it lies in the hands of the company that processes the data; and 37% believe responsibility for data compliance is in the hands of third-party cloud providers. In fact, all parties will be individually responsible for the data they handle.

Sheila Fitzpatrick, Worldwide Data Governance & Privacy Counsel/Chief Privacy Officer at NetApp, warns that with the prospect of big fines for missing the deadline, businesses must take action now.

She said: “We have entered the final year of preparation before the GDPR deadline on 25th May 2018. Businesses need to act now to ensure they are compliant in this timeframe or be at risk of fines of up to €20m or 4% of global annual turnover, whichever is higher.

“Brexit will have little to no impact on whether UK businesses need to comply with GDPR. It applies to any business that comes into contact with data on an EU citizen. As such, companies of all sizes need to take an active look at what data they hold, what they use it for and where it’s stored. They can then use this insight to conduct a comprehensive review of data privacy policies, consents, processes and so on to ensure they are meeting the minimum legal requirements.

“GDPR isn’t a ‘nice to have’, it’s a legal requirement. Companies have 365 days to become compliant, or face the potentially grave consequences when GDPR comes into effect.”

ISO 27001 for KYOCERA

KYOCERA Document Solutions Europe B.V. has achieved ISO 27001 certification on the strength of its information security processes and controls. The certification follows an audit of hardware, software and processes at KYOCERA sites across EMEA, including the company’s headquarters in Hoofddorp, The Netherlands.

Andrie Muchtar, European Information Security Officer at KYOCERA Document Solutions Europe, said: “The ISO 27001 standard provides one of the strongest guarantees available for the security of our employee and customer data, enabling us to compete for tenders where this compliance is a mandatory requirement. With this foundation, we are well positioned to comply with GDPR and support our customers in ensuring they adhere to these requirements as well.”

kyoceradocumentsolutions.eu

Confidential information at greatest risk in new businesses

Businesses under five years old are twice as likely to compromise the security of sensitive information as more established rivals, claims Iron Mountain.

Almost half (48%) of employees in recently established organisations surveyed by the storage and information management services company say they have left sensitive documents lying about the office, have mislaid them completely or have left them in a public place.

This is twice as many as staff in more established firms, where fewer than one in four (23%) have made similar errors.

Younger businesses are also less clear on how long they are legally required to retain documents such as tax records, contracts and customer data.

More than half (59%) of respondents from companies one to five years old admit they could be keeping sensitive human resource records beyond retention deadlines, potentially exposing the business to reputational damage and fines. This compares to just 20% in firms that have been in business for more than 25 years.

Iron Mountain director Elizabeth Bramwell said: “The first five years of a business’s life are often dedicated to rapid growth as the organisation establishes itself in the market. The start-up phase is a busy one, so it’s perhaps understandable that information management mistakes are more likely to happen during this time. However, whether you’re a new or an established business the law is the law, so it’s vital that confidential information is protected.”

CISOs in demand

Growing concern about data security has caused the prestige and earnings of Chief Information Security Officers (CISOs) to soar, claims DHR International. Its analysis shows that, as well as being elevated to the Board, CISOs in Europe can now earn £597k to £853k in large listed companies and £171k to £256k in small to mid-size listed companies.

Essential cyber protection

Konica Minolta has been accredited to the Cyber Essentials Plus Scheme, a government-backed cyber security certification scheme that provides a mechanism for organisations to demonstrate to customers, investors and insurers that they have taken essential precautions to prevent around 80% of cyber attacks. So far, more than 1,200 organisations have adopted the scheme.

Dave Hagenaars, managing director of BSI Group, The Netherlands B.V., presents Takahiro Sato, President of KYOCERA Document Solutions Europe B.V., with the company’s ISO 27001 certificate.

Sheila Fitzpatrick