Security professionals view GDPR as “ineffective”

GDPR regulations are failing to have the effect needed to help businesses improve their security protection, new figures have claimed.

A survey from seucrity firm One Identity has revealed that nearly a third (30 percent) of respondents believe that GDPR has been ineffective or that data breaches seemed to have gotten worse.

GDPR came into force in May 2018 in an attempt to help companies enforce greater security and give users more peace of mind into how their data is gathered and utilised online.

One Identity’s study found that over three-quarters of companies store sensitive data, such as emails, salary and compensation details, intellectual property and customer data in the cloud.

However many still struggle with detecting a breach, with two-thirds of companies saying it would take an hour or longer to spot a hijacked account.

A worrying amount (26 percent) still say they would not be able to detect malicious actors within the system in real time, which along with spotting an insider attack (24 percent) were recognised as the most challenging aspects of dealing with a cyberattack.

“GDPR was never meant to protect the data against hacks, and the feeling that data breaches have increased since its introduction is probably due to the fact that many data leaks that would otherwise go unnoticed now need to be reported to the relevant regulatory bodies,” said Todd Peterson, IAM evangelist at One Identity.

“What GDPR did do, however, was make people more conscious about data and privacy, and made companies think about the importance of knowing who can – and tracking who does – access databases of sensitive information. This study proves that there is still work to be done on educating the industry, particularly around equating compliance to security.”

Leave a Reply