GDPR Compliance Yet To Gain Traction

The initial verdicts of General Data Protection Regulation (GDPR) are in, at least in terms of compliance – or lack thereof.

In news this past week, studies have shown that compliance rates are indeed low, three months in. Data from Dimensional Research shows that many companies – in fact, a majority of them –are not yet in compliance with the mandates.

How low are the rates? Reports from the Business Industry Information Association (BIIA) show that 20 percent of firms are fully compliant, according to the study. That’s on a global scale. Stretch it a bit further, and the findings limited to the European Union are only a bit better, where the compliance rate comes in at 27 percent. Isolated by a few countries, only 21 percent of firms in the U.K. and U.S. are in compliance. More than 90 percent of firms that responded to the survey stated that they are looking to hire staff to ensure compliance by the end of next year.

A bit of optimism: Progress is, well, progressing. The number of companies that showed traction in their GDPR implementation efforts was up significantly in the U.S., gaining 38 percent to 66 percent and boosting to 73 percent in the U.K., compared to this time last year.

The costs are considerable, as 27 percent of companies have spent more than $500,000 on their efforts. The tally stretches a bit, as more than a third of firms seek to spend at least that amount through the end of the year.

Supply Chains Vulnerable

There exists vulnerability in supply chains, we reported in this space last week. Safeguarding data is of course a challenge – even several weeks ago, Brad Bussie, managing principal of security strategies for Trace 3, wrote that GDPR “presents real concerns for tech managers who are responsible for storing and protecting their organizations’ information as it flows in and out of supplier networks … The core problem is that most organizations do not fully understand what data they possess across their vast corporate databases, product catalogs, email systems, budget spreadsheets and HR records, not to mention countless Word documents, slide presentations and social media postings.”

Other research shows similar sentiment as the cybersecurity firm CrowdStrike noted that supply chains are being targeted by bad actors – increasingly so, it seems. As many as 66 percent of companies have seen attacks on their software supply chains. Said the firm: Widespread incidents, such as the NotPetya attack and CCleaner outbreak in 2017, have combined with the European Union’s new [GDPR] to bring the risk of supply chain attacks to the forefront.”

Separately, Reuters reported that GDPR has “put a small army of tech firms” that track individuals in jeopardy. Thus, Google and Facebook stand to do comparatively well – size and scale matter, as users are more likely to consent to the use of their data than other firms.

Cryptos, Yet Again

And in the land of cryptos, in China, the crackdown on digital currencies continues. As has been reported in the past, the country has banned initial coin offerings and blocked trading sites. Now comes a crackdown on the mere mention of cryptos, in a way, as media reports spread that WeChat accounts have been frozen for spreading news and other content about cryptos.

And here in the states, cryptos bounced around a bit on the heels of news that the U.S. Securities and Exchange Commission rejected the latest moves by proponents to list exchange-traded funds that in turn would have been backed by bitcoin.

Bloomberg reported that the SEC stated that the proposed listings did not show how exchanges would “prevent fraudulent and manipulative acts and practices.”