Senior security executives in the retail industry are among the most concerned about data breaches. According to the 2017 Thales Data Threat Report, 39% of respondents in the industry think their organisation is “very” or “extremely” vulnerable to security threats. The average among all industries was 30%.
Retailers’ fears over data breaches are well-founded. The study states that 43% of retailers reported a breach in the past year alone, a much higher percentage than the average among all industries (26%). More than half (56%) of respondents said that their organisation had been the victim of a breach at some point.
The main reason retailers aren’t implementing measures to address these concerns is a lack of budget. This was cited by 53% of respondents. The next most common obstacle, as cited by 49% of respondents, is the complexity of making substantial changes to security policy and technology.
Compliance requirements are the most common driver of retailers’ security spending, yet only 44% of respondents cite them. That this figure is so low is concerning, given that the EU General Data Protection Regulation (GDPR) takes effect in May 2018. The GDPR introduces strict rules for all organisations that handle EU residents’ personal data, and failure to comply could lead to penalties of up to €20 million or 4% of annual global turnover – whichever is greater.
Despite this, another survey – this one focused on GDPR compliance – reports that many organisations are not investing enough resources to prepare for the Regulation. According to Calligo, 69% of frontline IT decision-makers say GDPR governance doesn’t have the full backing of their board, and only 23% say that their CEO is giving enough attention to the GDPR.
As with Thales’ survey, respondents to Calligo’s study say they lack confidence in their organisation’s current set-up. Only 37% of respondents say they are “very confident” that their organisation will be ready for the GDPR by the compliance deadline, and 50% say they are “moderately confident”.
You must address the GDPR
Calligo CEO Julian Box said in a press release:
It is worrying to see signs that GDPR governance does not have the full attention of so many C-level executives. […] The top people in every organisation need to get to grips with this challenge, ensuring that their data is being stored and handled in full compliance.
One of the first steps in preparing for the GDPR should be to conduct a gap analysis. This will provide an assessment of your organisation’s current level of compliance with the Regulation and identify the key areas that you need to address.
By choosing our GDPR gap analysis service, you’ll receive advice from data protection consultants who’ll provide a thorough on-site review of your organisation’s privacy management and data protection practices. We also offer a data flow audit, data protection impact assessments (DPIAs) and bespoke transition services.