The EU General Data Protection Regulation (GDPR) requires a ‘privacy-by-design’ approach to data security, but a recent study by leading GDPR-compliance provider IT Governance shows only 50% of organisations have allocated budget for staff awareness.
IT Governance’s report, Implementation challenges and milestones for early adopters of the GDPR
, is based on responses from 250 information security and data protection professionals, and focuses on the issues faced by progressive organisations that have already started working towards achieving GDPR compliance.
found that the biggest challenge in preparing for the GDPR is implementing the technical and organisational measures needed for compliance. Although 50% of organisations state they have not allocated a budget for staff awareness of data protection responsibilities, just over half of those surveyed are planning to undertake GDPR staff awareness training in the future.
The GDPR requires organisations to identify measures to protect EU residents’ personal data by, for example, conducting a data protection impact assessment (DPIA) for risky processing operations and, for some, appointing a data protection officer (DPO).
Nearly 43% of respondents to the survey felt that compliance with the GDPR will rely on staff awareness and training – a surprisingly low figure given that a recent cyber security breaches survey
found that 72% of reported breaches occur after a staff member receives a fraudulent email.
Alan Calder, founder and executive chairman of IT Governance, said: “Under the GDPR, organisations will need to be equipped to deal with incidents to avoid severe reputational and financial damage. Implementing a core staff training process is crucial in developing a cyber resilient workforce in line with the Regulation.”
IT Governance offers a comprehensive Security Awareness Programme
to help organisations build and maintain a culture of data security. Tailored to each business based on its requirements, the programme provides a bespoke training platform that informs staff of the signs and risks of social engineering, reducing the scope for human error and improving organisational measures against cyber threats.
To find out more about IT Governance’s Security Awareness Programme, fill in the enquiry form
to speak to a consultant, visit the website
, email firstname.lastname@example.org
or call +44 (0) 845 070 1750.