Despite EU GDPR’s 72-Hour Breach Notification Requirement, 13 Percent of Companies Take Between One Month and One Year to Notify Regulatory Authorities of a Data Breach
Atlanta and London, December 15, 2016 – As more data breaches occur every day and more data privacy regulations come into force, such as the EU General Data Protection Regulation, organizations are beginning to make data governance and data protection more of a priority.
But as the Data Protection: Prioritizing Regulations & Guidelines research study released by Blancco Technology Group (AIM: BLTG) reveals, delayed threat detection and breach notifications could intensify the regulatory challenges of data protection. In particular, 16 percent of businesses take between one and six months to detect a security threat and 5 percent only detect a threat when notified by external parties.
While threat detection plays a vital role in helping organizations prevent data loss/theft, it’s equally important for organizations to notify regulatory authorities and customers of a data breach in a timely and efficient manner. Despite the EU GDPR’s requirement to notify regulatory authorities of a data breach within 72 hours, 13 percent of the surveyed IT professionals admitted it takes between one month and one year to do so. In such instances, these organizations would be in violation of the EU GDPR’s breach notification requirement and could face regulatory fines of up to €20 million, or 4 percent of their global turnover, whichever is greater.
Key findings from the study include:
- Information is beautiful, but data breaches are not. 28 percent of organizations have been hit by a data breach in the last 12 months.
- Although C-suite interest in data governance is increasing, visibility proves challenging. While it’s good news that 76 percent of C-suite and board-level executives review and assess regulatory compliance with state, federal and international data protection laws, 12 percent do so infrequently (between one and three years).
- ISO and NIST data protection guidelines are rising in importance. 88 percent of the surveyed IT professionals consider ISO and NIST guidelines to be either ‘very important’ or ‘important.’
- Regulatory fines have become too normalized. 29 percent of businesses have been cited by a regulatory/governing body for failure to comply with security regulations in the last 24 months.
- Regulatory fines are considered more damaging than customer lawsuits, negative publicity and reduced sales. 28 percent of organizations said regulatory fines are the most damaging consequence of being cited for a regulatory violation, followed by customer lawsuits (22 percent), negative publicity (20 percent) and reduced sales (8 percent).
“The findings of our study reiterate just how important it is for organizations to manage data properly and have a sound data governance program in place,” said Richard Stiennon, Chief Strategy Officer of Blancco Technology Group. “This will require organizations to be fully aware of and regularly assess every type of user data that is stored, how long that data is kept, as well as when and where data needs to be removed when users end their service or when legal requirements demand it. As so many data breaches have shown, taking too long to detect a security threat and notify both regulatory authorities and customers could not only lead to regulatory fines, but could also put organizations at the center of customer lawsuits, diminished sales and negative publicity.”
The purpose of the study is to understand the level of importance organizations place on data protection regulations and industry guidelines. The survey was fielded in October 2016 to 460 IT professionals in the United States, Canada, Mexico, United Kingdom, France, Germany, India, Japan and China.
About Blancco Technology Group
Blancco Technology Group (AIM: BLTG) is the de facto standard in data erasure and mobile device diagnostics. The Blancco Eraser solutions provide thousands of organizations with an absolute line of defense against costly security breaches, as well as verification of regulatory compliance through a 100% tamper-proof audit trail. Our data erasure solutions have been tested, certified, approved and recommended by 18 governing bodies around the world. No other security firm can boast this level of compliance with the most rigorous requirements set by government agencies, legal authorities and independent testing laboratories.
The Blancco Diagnostics solutions allow mobile service providers and enterprise organizations to easily, quickly and accurately identify and resolve performance issues on their devices. As a result, employees and staff within organizations can spend more time selling products and less time dealing with technical issues. For mobile network operators/carriers and device manufacturers, the benefits include a drastic reduction in the quantity of NTF returns and significant savings on operational costs.
For more information, visit our website at www.blancco.com
SHIFT Communications for Blancco Technology Group (US)
David Heffernan, Account Manager
T: (617) 779-1839
SAY Communications for Blancco Technology Group (Europe)
Robert Hickling, Senior Account Manager
T: 44 (0) 20 8971 6427
The Hoffman Agency for Blancco Technology Group (APAC)
Miyuki Washino, Senior Consultant
T: 81 3 5159 5750
Blancco Technology Group
Ragini Bhalla, Senior Director of Global Communications