Upload
symantec
View
3.154
Download
0
Embed Size (px)
Citation preview
Symantec State of European Data Privacy
Symantec EMEA PROctober 2016
2
SYMANTEC STATE OF EUROPEAN DATA PRIVACY
Copyright © 2016 Symantec Corporation
This report investigates how businesses are progressing towards compliance with the General Data Protection Regulation (GDPR), which will come into effect in May 2018.
CONTENTS
---------------------------------------------------------------------------------------------------------------------------------------------------------
3 Methodology---------------------------------------------------------------------------------------------------------------------------------------------------------
4 Regulatory Awareness---------------------------------------------------------------------------------------------------------------------------------------------------------
7 A Consumer Disconnect---------------------------------------------------------------------------------------------------------------------------------------------------------
10 Cultural preparedness ---------------------------------------------------------------------------------------------------------------------------------------------------------
13 Technical readiness & The Right to Be Forgotten---------------------------------------------------------------------------------------------------------------------------------------------------------
Copyright © 2014 Symantec Corporation
METHODOLOGY
• Symantec commissioned independent research firm, Vanson Bourne, to interview 900 business decision-makers and IT decision-makers in the UK, Germany and France during September 2016
• To qualify for the research the businesses decision makers and IT decision-makers organisations had to have at least 50 employees
• Respondents were asked about the General Data Protection Regulation (GDPR) during interviews conducted during September 2016
• Respondents were equally balanced between countries and were interviewed across all private and public sectors
3
UK GERMANY FRANCE300
Margin of Error =+/- 5% margin
300Margin of Error =+/- 5%
margin
300Margin of Error =+/- 5%
margin
Copyright © 2016 Symantec Corporation
Regulatory Awareness
Copyright © 2014 Symantec Corporation
BUSINESSES ARE NOT ONLY UNDERPREPARED FOR THE GDPR – THEY ARE UNDERPREPARING.
Regulations applying to all EU member states
Gaining consent for data collection
Reporting data breaches
The requirement of a Data Protection Officer (DPO)
Protecting data in an ethical way
Providing information on retention time for personal data
Using data in an ethical way
The right to be forgotten for citizens
The ability for individuals to easily transfer their data files from one service provider to another
None of the above
*Other (please specify)
57%
53%
48%
43%
42%
42%
33%
28%
24%
2%
0%
Elements respondents believe to be part of the GDPR
Have concerns about ability to become compliant
9 in 10 Do not fully understand GDPR
96%
Believe their organization is fully prepared for GDPR
26%
Consider compliance at top priority in the next two years
22%
Copyright © 2016 Symantec Corporation
Copyright © 2014 Symantec Corporation6
STARK LACK OF CONFIDENCE IN MEETING MAY 2018 DEADLINE REVEALED
21%
48%
20%
3%7%
Confidence of compliance by May 2018
Yes, we are already compliant
Yes, we will be fully compliant by May 2018
Yes, we will be partly compliant by May 2018
No, not at all compliant
Don’t know
Believe it is even possible to become fully compliant with the
GDPR
1 in 5
Said their organisation will not be compliant at all, or only partly
compliant, by 2018
23%
Believe that while some company departments will be able to comply
- others will not
49%
Copyright © 2016 Symantec Corporation
A Consumer Disconnect
Copyright © 2014 Symantec Corporation8
ACCORDING TO BUSINESSES, CONSUMERS DON’T CONSIDER DATA SECURITY & PRIVACY A TOP PRIORITY…
Quality of products
Good customer service
Cost of products
Track record of data security
Track record of data privacy
Organisation's ethical stance
The innovativeness of the organisation
Whether they have an existing relationship
73%
60%
56%
29%
26%
23%
16%
13%
27%
40%
44%
71%
74%
77%
84%
87%
Business perception of consumer priorities
Top three priority Not a top three priority
Admit customers ask about data security during transactions
36%
Do not think an organisation’s privacy track record is a top three
consideration for customers
74%
Do not believe their organisation takes an ethical approach to securing and protecting data
35%
Copyright © 2016 Symantec Corporation
Copyright © 2014 Symantec Corporation9
Of respondents are not confident they completely meet customers’ data
security expectations
55%
Keeping your d
ata safe and se
cure
Quality products
Deliverin
g great custo
mer servi
ce
Treating their e
mployees a
nd supplie
rs fairly
Being environmentally
friendly
Giving back
to the co
mmunity
88% 86%82%
69%
56%47%
Symantec State of Privacy: Importance of factors when choosing a company to shop with
or use
…YET CONSUMERS RANK IT #1, SHOWING BUSINESSES ARE OUT OF TOUCH
Do not believe their organisation takes an ethical approach to
securing and protecting data.
45%
Copyright © 2016 Symantec Corporation
Cultural preparedness
Copyright © 2014 Symantec Corporation11
BUSINESSES ARE UNDERESTIMATING THE CULTURAL CHANGES THEY NEED TO MAKE AHEAD OF MAY 2018
Employee personal information
Customer information (personal)
Customer information (including payment details)
Company records
Information on competitors
Market data
4%
9%
6%
7%
11%
13%
Companies where all employees can access the following information
Say all staff can access customers’ payment details
6%
Say all employees can access customers’ personal information
1 in 10
Believe everyone in the organisation has a responsibility to
ensure data is protected
14%
Copyright © 2016 Symantec Corporation
Copyright © 2014 Symantec Corporation12
PARTICUARLY GIVEN THE WIDE REACHING ACCESS EMPLOYEES HAVE TO PERSONAL INFORMATION
Yes, it is a top priority Yes, it is a priority No, it is not a priority
47% 42%
12%
39% 48%
13%
Respondents that believe managing and using data in an ethical way is a priority
for their organisation
Managing data in an ethical way Using data in an ethical way
Said they would be increasing security training
45%
Said managing data ethically is a top priority for their organisation
47%
Are planning to completely overhaul their approach to security
in response to the GDPR
27%
Copyright © 2016 Symantec Corporation
Technical readiness & The Right to Be Forgotten
Copyright © 2014 Symantec Corporation14
BUSINESSES ARE CONCERNED ABOUT THE COMPLEXITY OF PROCESSING DATA CORRECTLY
Believe customers would exercise their right for data to be deleted
81%
Say deleting customer data will be a challenge
9 in 10
Have already received requests to be forgotten
1 in 10
Currently do not have a system in place to forget a customer
60%The time it
takes
The cost
of it
Having data in
a number of d
ifferent loca
tions
The volume of d
ata held on each in
dividual
Different busin
ess departm
ents havin
g different data
Holding data in different f
ormats
*Other (please
specif
y)
There would be no ch
allenges
Don’t know
45%42%
34% 33% 32%
25%
0%
7%3%
Challenges organisations face if customers ask to have their data modified or deleted
Copyright © 2016 Symantec Corporation
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Copyright © 2014 Symantec Corporation15
Copyright © 2016 Symantec Corporation
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for the informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information is this document is subject to change without notice.