Wall Street Journal | By: Adam Janofsky | May 25, 2017 11:02 a.m. ET:
As companies rush to comply with the European Union’s General Data Protection Regulation, the United Kingdom’s data regulator said Thursday that businesses must be prepared to “tell it all and tell it fast” if they experience a breach.
U.K. Information Commissioner Elizabeth Denham advised organizations to “go back to the basics” when preparing for the landmark regulation, which goes into effect on May 25, 2018. GDPR will push companies to “minimize the data they collect and train their staff” better, Ms. Denham said at the WSJ Pro Cybersecurity Executive Forum in London.
There have been signs that companies are largely unprepared for the regulation, which lays out fines of as much as €20 million and requires organizations to report data breaches within 72 hours.
A survey released Thursday by software provider Varonis Systems Inc. revealed that 75% of 500 organizations polled in the U.K., Germany, France and the U.S. said they will struggle to meet GDPR requirements by the time it takes effect. The most common challenges reported by these organizations were complying with the law’s “right to be forgotten” section, where they must automate the removal of data when requested by customers, and identifying personal information on their systems and restricting access to it.
Ms. Denham has stressed in the past that companies in the U.K. and elsewhere must prepare for GDPR even in the wake of Brexit, as the law applies to organizations that do business in the E.U.