75% of Organizations Will Struggle to Meet EU GDPR Regulations by Deadline, Survey Finds

Varonis Offers Free Online Course by Troy Hunt to Help Organizations Build a GDPR Attack Plan

NEW YORK, May 25, 2017 (GLOBE NEWSWIRE) -- Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, released findings today from an independent survey probing attitudes towards the EU General Data Protection Regulations (EU GDPR), due to come into effect one year from today.  The survey, which polled 500 IT decision makers in the UK, Germany, France and the U.S., reveals that 75% of organizations indicate they will struggle to be ready for the deadline.  An additional 42% say that it’s not a priority for their businesses, despite the threat of fines which could cost companies up to 4% of global turnover or €20 million (whichever is greater).

Over 90% of respondents see challenges complying with GDPR by the deadline. Among the top three challenges:

  • 55% say they are challenged to meet Article 17, the “Right to be forgotten,” where they must discover and target specific data and automate removal when requested by the consumer.
  • 52% face challenges to identify personal information on their systems, understand who has access to it and who is accessing it, and know when this data can and should be deleted according to Article 30, records of processing activities.
  • 50% struggle with Article 32, the security of processing, which means organizations must ensure least privilege access, implement accountability via data owners and provide reports that policies and processes are in place and successful.

“Almost one third of respondents have not conducted a data impact assessment in order to determine who has access to personal data according to Article 35 of the regulation. This means that they don’t have a handle on where their most sensitive data resides,” said Brian Vecci, Technical Evangelist at Varonis. “You can’t catch what you can’t see, and if organizations aren’t assessing their data risk profiles now, how do they know they’re protecting their data from a breach today let alone meeting these regulations in one year’s time? In the 2017 Varonis Data Risk Report, 47% of organizations had 1,000 or more sensitive files accessible to every employee in the organization – this includes sensitive personal information. GDPR means that it’s more critical than ever to know your data. Where is your sensitive data stored? Who is accessing it? Who should be accessing it?”

“I was surprised at the location where users were saving sensitive information across the network without our knowledge,” said an IT Manager responsible for meeting GDPR at a Food Company in a recent TechValidate customer survey. “Leveraging Varonis will allow us to rectify the issue, monitor data storage and remove the risk.”

To help organizations prepare for GDPR, Varonis has once again teamed up with renowned security expert Troy Hunt, to launch a free GDPR educational video course. The seven part online course, “GDPR Attack Plan: What You Need to Know,” was created for Varonis and walks organizations through the role of GDPR, understanding personal data, territorial scope, breaches and penalties and how to put GDPR principles into action.

Other interesting findings include:

  • The top GDPR benefits organizations expect include knowing the location of personal information on their network (47%) and a reduction in the likelihood that their organization will experience a high profile data breach (44%).
  • The top expected drawbacks include increased costs (38%) and added complexity (32%).
  • There was a global consensus that the banking and financial sectors were most likely to receive the first fines should they experience a data breach (34% overall, and top selections in each country).
  • Just over two thirds (68%) of respondents agree that an organization from the UK will be made an example of should they breach any part of the EU GDPR, as a result of Brexit.
  • German regulators are expected to be the most rigorous in holding companies in breach of the regulations to account, followed by the UK and then French regulators. 

The independent survey on attitudes towards GDPR was commissioned by Varonis and carried out by Vanson Bourne. Respondents were 500 IT decision makers of organizations with 1,000+ employees comprised of 100 respondents each in the United Kingdom, France and Germany and 200 in the United States.  The survey was conducted between 17th April and 9th May 2017.

Additional Resources

About Varonis
Varonis is a leading provider of software solutions that protect data from insider threats and cyberattacks. Through its innovative Data Security Platform, Varonis allows organizations to analyze, secure, manage, and migrate their volumes of unstructured data. Varonis specializes in file and email systems that store valuable spreadsheets, word processing documents, presentations, audio and video files, emails, and text. This rapidly growing data often contains an enterprise's financial information, product plans, strategic initiatives, intellectual property, and confidential employee, customer or patient records. IT and business personnel deploy Varonis software for a variety of use cases, including data security, governance and compliance, user behavior analytics, archiving, search, and file synchronization and sharing. With offices and partners worldwide, Varonis had more than 5,500 customers as of March 31, 2017, spanning leading firms in financial services, healthcare, public, industrial, insurance, energy and utilities, media and entertainment, consumer and retail, technology and education sectors. 


Contact Data