Many businesses still have never heard of GDPR, or don’t understand it

Of those that were familiar with GDPR and had processes in place to prepare for it, many are yet to implement relatively simple measures to contribute towards compliance. Just 33% of UK professionals said that they carry out a monthly audit of employee and customer data, and only 40% work for companies that restrict administrator rights to protect customer and employee data, even though a foundational principle of GDPR is controlling privileged access.

The findings also demonstrated that many companies do not have a dedicated member of staff to handle data protection. Only 63% and 46% of UK and US professionals respectively work at companies with an internal or external data protection officer, and just over 30% keep a data breach log in both of these regions.

Simon Langton, VP of Professional Services at Avecto, said: “It’s worrying that so many organisations are still confused by the regulation and what they need to do. With the regulation now in force, businesses are at risk of a fine if they aren’t operating in compliance with the regulation.

“GDPR does offer guidelines, but it is open to interpretation in terms of specific processes that businesses need to put in place. However, having access to the skills to manage data protection, regularly auditing data and implementing simple security measures, such as limiting administrative privileges and implementing application whitelisting software, is vital to help organisations keep data safe and achieve ongoing compliance.”