The EU’s groundbreaking data protection regulation, aka the GDPR, has been making news recently, as regulatory action including fines have been announced. MENTIS commissioned Bloor Research, an independent analyst house based in the UK, to conduct research on the progress of the GDPR in its first year and report on what organizations have done and should be doing in the future.
Excerpts from the report (“GDPR Compliance – What has happened and what should organizations do going forward”) include:
Year One has seen 206,326 cases reported by the respective supervisory authorities to the European Data Protection Board (EDPB). 50% of these cases have come from individuals (data subjects) regarding their personal data.
With 91 fines assessed in the first eight months of the GDPR, the largest to date had been the fine of €50 million against Google, meted out by CNIL, the French Data Protection Authority. (The recent fine of €205 million to British Airways by the ICO has now topped the list since the publication of the Bloor report).
The large number of cases being registered and notifications being served has also meant that Data Protection Authorities need to increase their manpower. The Irish Supervisor (DPC) has increased staff members from 30 in 2014 to 130 in 2018, a 300% increase in the last four years.
While organizations have been acting on their data protection policies, the research finds that only 8% of them have a mature data protection and privacy program in place.
And 98% of the organizations do not have automated solutions for handling data requests.
In organizations implementing technology solutions for GDPR compliance, topping the list for implementation or planning are four key technologies: data mapping, data discovery, data anonymization and pseudonymization, and activity monitoring.
More than 92% of organizations have failed to implement a robust data protection strategy. In these circumstances, it is becoming increasingly difficult to achieve the stringent requirements of the GDPR such as data protection by design, data protection impact assessments, data minimization and erasure procedures, and authentication and authorization measures.
Fran Howarth, a practice leader in Information Security from Bloor stated that “Compliance requires a completely automated solution that starts with the discovery of personal information and continues through monitoring its use, to protecting and retiring personal data as required.” Although technology is critically important for ensuring GDPR compliance, Bloor found that only 22% of the allocated budget is used for technology solutions, while the rest is spent on staff, training, and consultants.
“MENTIS was built for compliance way back in 2004, anticipating the regulatory landscape and the need to understand data – its locations, how it got there, and how it is used. Our robust and fully integrated platform helps organizations discover, anonymize, monitor, and retire their sensitive data. MENTIS has the proven technology platform to enable GDPR compliance – a robust, time-tested solution. I’m pleased that an independent research firm like Bloor affirms this.”
Rajesh Parthasarathy, MENTIS’ founder, and CEO
Suresh Sundaram, Executive Director at MENTIS, added, “Technology has an integral part to play in GDPR compliance, allowing enforcement of regulation to key requirements such as Data Protection by Design, Data Privacy Impact Assessment, Pseudonymization, Breach Notification and Right to Erasure. It is great to have customers use the MENTIS platform to demonstrate compliance, and the Bloor Research report is an excellent white paper on assessing and recommending organizational actions. It is a timely ‘must read’ for any Business, IT or Security compliance executive.”
Bloor Research (https://www.bloorresearch.com/) is a 19-year-old research and analyst firm based in the UK. Bloor’s major research focus areas are Information Management, Security, Infrastructure, DevOps, and GRC. They have a research base of one million users and have reviewed over 5000 products and produced 2500 reports. Bloor is differentiated as an analyst firm in that they do not charge vendors for coverage nor do they charge users for content. This makes them both an independent and a credible source of insights.
Founded in 2004, MENTIS was one of the first companies in what was then a fledgling data-security market. Guided by a visionary founder with a deep grounding in both business and technology, MENTIS immediately began to innovate and has never since stopped. Known for its responsiveness to the moving target that is risk and compliance, MENTIS continues to bring powerful products to the market, the result of the company’s deep analysis of new trends in risk, along with a collaboration with its customers to assess and weigh their current challenges.
The company’s latest release makes the MENTIS platform the only integrated end-to-end platform where discovery, masking, monitoring, and retirement of sensitive data are available for both Non-Production and Production environments, and also now support both structured and unstructured data, whether in the cloud or on premise. Its segregation of duties functionalities means MENTIS also allows stakeholders across the IT, business, and security and compliance groups to collaborate to achieve comprehensive and consistent data security.
MENTIS helps protects the data of some of the most iconic industries and institutions in the world. Its customer roster includes internet commerce pioneers and national airlines; higher education institutions ranging from the Ivy League to Land Grant schools; international industrial behemoths and retail giants; and global leaders in the highly regulated financial services and healthcare industries.