Skip to the content


CIOs concerned over new EU data policies

EU data policies

Chief information officers (CIOs) across the UK have significant doubts over whether the EU General Data Protection Regulation (GDPR) will be able improve the capabilities of current systems in protecting sensitive data shared with third parties.

That is the main finding of a new survey conducted by Egress Software Technologies, a provider of encryption services, which found that 87 per cent of CIOs are worried their systems may remain exposed despite the introduction of GDPR.

The measures, which were initially developed in December 2015, is expected to offer companies a grace period of 24 months before enforcing compliance.

GDPR will apply to every company in the EU responsible for processing personal data, although its remit does extend further afield, applying to any company handling personal information belonging to EU residents.

The new legislation will compel companies to report data breaches within 72 hours, as well of fines of up to four per cent of an organisation's global turnover if found guilty of putting sensitive data at risk.

Doubts brewing

While the measures will undoubtedly be welcomed in a number of ciricles, many CIOs responding the recent survey said that current and previous shortcomings were still going unaddressed.

More than three-quarters of respondents said they were getting increasingly frustrated by the fact that despite the existence of relevant technology, such as encryption, many employees were still not using the tools at their disposal effectively.
As a result, experts believe the situation is creating more risks for businesses.

That situation comes despite a number of high-profile breaches in 2015, many of which affected companies handling personal customer data.

Some 49 per cent of boardrooms reacted by focusing their efforts on external threats rather than internal breaches.
However, with the introduction of GDPR, boardroom discussions and approaches to data security are likely to be revisited.

However, Egress chief executive officer, Tony Pepper, commented said that the survey's results had shown a worrying disconnect between boardrooms and reality.

He added: "ICO statistics demonstrate that 93 per cent of data security breaches occurs as a result of human error – that is, people making mistakes when sharing sensitive information, poor processes and systems in place, and overall lack of care when handling data. Consequently, the emphasis being placed on cyber-attacks has the potential to become a distraction for many organisations. To date, much of the private sector has not been mandated to disclose breach incidents, but that is changing. And the results show that now they could be heading for trouble.”