Symantec - State of European Data Privacy

Symantec State of European Data Privacy

Symantec EMEA PROctober 2016

2

SYMANTEC STATE OF EUROPEAN DATA PRIVACY

Copyright © 2016 Symantec Corporation

This report investigates how businesses are progressing towards compliance with the General Data Protection Regulation (GDPR), which will come into effect in May 2018.

CONTENTS

---------------------------------------------------------------------------------------------------------------------------------------------------------

3 Methodology---------------------------------------------------------------------------------------------------------------------------------------------------------

4 Regulatory Awareness---------------------------------------------------------------------------------------------------------------------------------------------------------

7 A Consumer Disconnect---------------------------------------------------------------------------------------------------------------------------------------------------------

10 Cultural preparedness ---------------------------------------------------------------------------------------------------------------------------------------------------------

13 Technical readiness & The Right to Be Forgotten---------------------------------------------------------------------------------------------------------------------------------------------------------


METHODOLOGY

• Symantec commissioned independent research firm, Vanson Bourne, to interview 900 business decision-makers and IT decision-makers in the UK, Germany and France during September 2016

• To qualify for the research the businesses decision makers and IT decision-makers organisations had to have at least 50 employees

• Respondents were asked about the General Data Protection Regulation (GDPR) during interviews conducted during September 2016

• Respondents were equally balanced between countries and were interviewed across all private and public sectors

3

UK GERMANY FRANCE300

Margin of Error =+/- 5% margin

300Margin of Error =+/- 5%

margin

300Margin of Error =+/- 5%

margin


Regulatory Awareness


BUSINESSES ARE NOT ONLY UNDERPREPARED FOR THE GDPR – THEY ARE UNDERPREPARING.

Regulations applying to all EU member states

Gaining consent for data collection

Reporting data breaches

The requirement of a Data Protection Officer (DPO)

Protecting data in an ethical way

Providing information on retention time for personal data

Using data in an ethical way

The right to be forgotten for citizens

The ability for individuals to easily transfer their data files from one service provider to another

None of the above

*Other (please specify)

57%

53%

48%

43%

42%

42%

33%

28%

24%

2%

0%

Elements respondents believe to be part of the GDPR

Have concerns about ability to become compliant

9 in 10 Do not fully understand GDPR

96%

Believe their organization is fully prepared for GDPR

26%

Consider compliance at top priority in the next two years

22%


Copyright © 2014 Symantec Corporation6

STARK LACK OF CONFIDENCE IN MEETING MAY 2018 DEADLINE REVEALED

21%

48%

20%

3%7%

Confidence of compliance by May 2018

Yes, we are already compliant

Yes, we will be fully compliant by May 2018

Yes, we will be partly compliant by May 2018

No, not at all compliant

Don’t know

Believe it is even possible to become fully compliant with the

GDPR

1 in 5

Said their organisation will not be compliant at all, or only partly

compliant, by 2018

23%

Believe that while some company departments will be able to comply

- others will not

49%


A Consumer Disconnect


ACCORDING TO BUSINESSES, CONSUMERS DON’T CONSIDER DATA SECURITY & PRIVACY A TOP PRIORITY…

Quality of products

Good customer service

Cost of products

Track record of data security

Track record of data privacy

Organisation's ethical stance

The innovativeness of the organisation

Whether they have an existing relationship

73%

60%

56%

29%

26%

23%

16%

13%

27%

40%

44%

71%

74%

77%

84%

87%

Business perception of consumer priorities

Top three priority Not a top three priority

Admit customers ask about data security during transactions

36%

Do not think an organisation’s privacy track record is a top three

consideration for customers

74%

Do not believe their organisation takes an ethical approach to securing and protecting data

35%



Of respondents are not confident they completely meet customers’ data

security expectations

55%

Keeping your d

ata safe and se

cure

Quality products

Deliverin

g great custo

mer servi

ce

Treating their e

mployees a

nd supplie

rs fairly

Being environmentally

friendly

Giving back

to the co

mmunity

88% 86%82%

69%

56%47%

Symantec State of Privacy: Importance of factors when choosing a company to shop with

or use

…YET CONSUMERS RANK IT #1, SHOWING BUSINESSES ARE OUT OF TOUCH

Do not believe their organisation takes an ethical approach to

securing and protecting data.

45%


Cultural preparedness


BUSINESSES ARE UNDERESTIMATING THE CULTURAL CHANGES THEY NEED TO MAKE AHEAD OF MAY 2018

Employee personal information

Customer information (personal)

Customer information (including payment details)

Company records

Information on competitors

Market data

4%

9%

6%

7%

11%

13%

Companies where all employees can access the following information

Say all staff can access customers’ payment details

6%

Say all employees can access customers’ personal information

1 in 10

Believe everyone in the organisation has a responsibility to

ensure data is protected

14%



PARTICUARLY GIVEN THE WIDE REACHING ACCESS EMPLOYEES HAVE TO PERSONAL INFORMATION

Yes, it is a top priority Yes, it is a priority No, it is not a priority

47% 42%

12%

39% 48%

13%

Respondents that believe managing and using data in an ethical way is a priority

for their organisation

Managing data in an ethical way Using data in an ethical way

Said they would be increasing security training

45%

Said managing data ethically is a top priority for their organisation

47%

Are planning to completely overhaul their approach to security

in response to the GDPR

27%


Technical readiness & The Right to Be Forgotten


BUSINESSES ARE CONCERNED ABOUT THE COMPLEXITY OF PROCESSING DATA CORRECTLY

Believe customers would exercise their right for data to be deleted

81%

Say deleting customer data will be a challenge

9 in 10

Have already received requests to be forgotten

1 in 10

Currently do not have a system in place to forget a customer

60%The time it

takes

The cost

of it

Having data in

a number of d

ifferent loca

tions

The volume of d

ata held on each in

dividual

Different busin

ess departm

ents havin

g different data

Holding data in different f

ormats

*Other (please

specif

y)

There would be no ch

allenges

Don’t know

45%42%

34% 33% 32%

25%

0%

7%3%

Challenges organisations face if customers ask to have their data modified or deleted


Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.



Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for the informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information is this document is subject to change without notice.

Symantec - State of European Data Privacy

Technology

Transcript of Symantec - State of European Data Privacy