The EU General Data Protection Regulation (GDPR) aims to better protect the privacy of personal data for EU citizens. It’s considered the world’s most significant — and aggressive — data privacy law to date, and, with just over a year until it goes into effect in May 2018, it’s time for businesses to start taking it seriously.
Here’s why: it affects businesses in nearly every country in the world. Any company that markets goods or services to EU residents is subject to the GDPR, regardless of where it is located. Companies that violate this regulation can face charges of up to €20 million or four percent of their global revenue, whichever is greater.
To give an example of the impact of the regulation, consider these hypothetical fines that could come from failure to comply:
- General Mills – $164 million
- Apple – $8.6 billion
- HP – $1.9 billion
These numbers are staggering and should serve as a wake-up call for businesses to start taking steps toward compliance.
Here are a few important steps to take in order to ensure companies are heading in the right direction.
First and foremost, educate your employees.
Our survey at this year’s RSA conference found that 51% of respondents have never even heard of the GDPR, and only 9% have detailed knowledge of the regulation. What’s more, 75% of respondents stated that their employer has neither informed them about GDPR, nor how the regulation might affect work processes. Only 9% stated that their company has offered plenty of information.
These numbers are concerning, and prove that companies aren’t taking the regulation seriously enough. Businesses must educate their employees about the regulation, and how it affects not only company data, but the personal data they share through their devices and the cloud services they use.
On that note…
Know the cloud services used within your organization
Our RSA survey also found that businesses severely underestimate the number of cloud services in use in their organization – over half (53%) of respondents estimated that there are fewer than 100 cloud services in use. In reality, this number is over ten times higher – our January Netskope Cloud Report found that enterprises are now using, on average, a total of 1,031 cloud services.
Even more concerning, 94.8% of cloud services are not enterprise ready, meaning they lack necessary security controls. Because many companies lack visibility into their cloud service environment, gaining that visibility is an important next step in moving toward GDPR compliance.
Above all, remember this: you’re only as secure as your knowledge of your cloud service ecosystem. If one of your employees is using an unsanctioned, non-GDPR-compliant cloud service, your organization is at risk of failing to com