
Data Privacy News

May 30, 2019

Why are organisations still struggling to comply with the GDPR?


One year into the GDPR, more than half of businesses are still struggling to get compliant. A recent IAPP conference on the GDPR compliance landscape closed on a sombre note: “We expect 50 percent of covered companies are still in the process of GDPR compliance and it will likely go on for another couple of years.” Another survey released May 28 reported that 75% of businesses currently doubt their ability to comply with the regulation.

What’s holding businesses back from GDPR compliance? The research points to two main areas:

Data Breach Management

The GDPR changed the obligations for data breach response and preparation. If organisations don’t want to get fined, they need to notify their Supervisory Authority of a data breach within 72 hours of detection. This notification must contain specific information about the nature of the breach and the circumstances leading up to it, as well as actions to mitigate it and any future breaches.

Even if an organisation complies with the rather speedy notification time, it could still get hit with a fine if it didn’t demonstrate that it had sufficient “technical and organisational measures” in place to detect or mitigate the breach. This seems to be the crux of business compliance failure. Mark Schreiber, speaker at the IAPP conference and partner at law firm McDermott Will & Emery, explains: “EU companies never reported data breaches. They don’t use forensic vendors. They don’t understand malware vectors and attack coordinates… The idea that EU companies could manage a 72-hour notification requirement was optimistic at best.”

Schreiber’s lament, while poignant, makes the GDPR security requirements seem far more daunting than they really are. Small and medium-sized organisations don’t need to understand “malware vectors” (a fancy way of saying the virus that just infected your computer) or “attack coordinates” (where the virus got into your system) to get on the right side of compliance. In most cases, the difference between a fine and a slap on the wrist could be inexpensive and ubiquitous technologies that have existed for decades, like an antivirus scan, a firewall, or SSL. Training in proper data protection practices is probably the best way to avoid a fine and protect your organisation, since 97% of malware attacks exploit the human, not the technology. If your organisation hasn’t done this yet, bear in mind that the costs of dragging your feet are a lot bigger than they used to be.

Data Access

Under the GDPR, individuals have the right to access any personal data an organisation has on them, along with other information about why they have the information, how long they’ll keep it, and who else has access to it. This critical right is tough for businesses to enable operationally.

Data access behind the scenes


First, you have to make sure that the individual is who they say they are (called a Customer Identification Program), a process in which only 22% of businesses are confident in their abilities. Second, you have to make sure that you know what personal data you have on them and where it is. Third and fourth, you need to be able to retrieve that information and present it to them in a structured format that they’ll be able to understand. Finally, you need to offer adjacent rights associated with the data, such as portability, rectification and erasure.

Few businesses are going to have an easy time implementing this, and no businesses offer real out-of-the-box technical solutions to do it for you. (Trust us, we’ve tried it ourselves.) Why? Because businesses have their data all over the place, in different formats (including physical files), behind different firewalls, and labelled in all sorts of unclear and disorganised ways that only you’ll understand if you remember all your old abbreviations. The best you’ll get without hiring on-site consulting is a step-by-step process to help you walk through each requirement.

Luckily, Sovy can help you walk through each step and help you build a data inventory (another tough requirement under GDPR Article 30). From there, we guide you through identifying, structuring, and presenting your data in a portable format. Sovy also:

  • facilitates and tracks your data breach notification process, providing proper templates and forms designed to meet the requirements of Articles 33 and 34.
  • provides courseware in data protection and GDPR compliance for different functions of your organisation (IT, marketing, data protection officer).
  • checks your privacy policy for compliance with the GDPR’s information notice requirements through state-of-the-art machine learning and natural language processing.
Copyright © 2020 Sovy Trust Solutions Limited. All Rights Reserved. Registered in Ireland, No. 610835 and No. 605069