SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Veritas says Aussie firms aren't prepared for EU's new data protection regulations
Mon, 27th Mar 2017
FYI, this story is more than a year old

The Global Data Protection Regulation (GDPR) takes effect next year, and only 30% of Australian businesses are prepared for it, Veritas has found.

The GDPR may be based in the European Union, but its effects will be felt globally by those that conducts business in the region or within an EU organisation.

The new GDPR will cover everything from shopping history to employee records. Veritas says it will also provide better control as to where and how sensitive data is both stored and transferred - and how it is audited.

According to Veritas, only 15% of an organisation's stored data is known and actively managed. 52% of companies don't know where data comes from, where it sits, who owns it and what use they may have had. 33% is irrelevant or ROT (relevant, obsolete or trivial) data.

If businesses don't understand the regulation, they won't be complaint. This means they're putting not only data at risk, but may also subject to be a maximum fine of €20 million or four percent of annual turnover.

“This is not just an issue for EU companies. This regulation impacts any organisation that holds data concerning individual EU data subjects,” says IDC's senior program director Carla Arend.

“This can be anything from a shopping history to employee records. It is imperative that companies immediately begin deploying solutions that will help them understand exactly what information they hold and let them manage that data in a compliant manner,” Arend says.

Veritas has seen an opportunity to help organisations deal with the mandates required by the GDPR.

“360 Data Management for GDPR plays a key role in helping companies accelerate their digital transformation strategies,” explains Mike Palmer, executive vice president and chief product officer at Veritas.

It provides organisations the ability to understand what personally identifiable information (PII) they have on file about EU residents. It can also help them quickly access information when requested. It can also protect PII from breach, loss or damage.

“At a time when data is your most critical business asset, giving companies capabilities that let them understand and gain valuable insights about their information provides advantages that go well beyond compliance,” Palmer concludes.