Over the past 6 months, during our GDPR related sessions, a number of important questions have arisen from conversations with our clients and customers. One of the questions asked is “How do companies deal with a SAR?” Read our blog post on Subject Access Requests to give you a greater insight into how companies are preparing for them. Another very important questions is the one of cost. What is the actual cost to businesses when preparing for GDPR and how do you minimise the risk?
You can break this question down into a number of bite-sized portions. The first being the financial cost to the business. A recent study (2017) by IBM into the true cost of a security data breach, found the average cost to an organisation suffering a data breach to be $3.62 million. The study covered 419 participating companies. This figure showed a decrease from the previous year, but the size of the breach had risen by 1.8% from the previous year. To read the full report please click here.
This $3.62 million is a small representation of the overall cost to companies who suffer a data breach. With the new GDPR legislation coming into law next year, the potential fines alone for companies suffering a data breach have been well documented. GDPR will have a tiered penalty structure attached to it for companies that do not comply and subsequently suffer a data breach. The more serious the breach the higher the penalty, 4% of global revenue or 20 Million Euro whichever is higher. This would easily eclipse the $3.6 million stated in the IBM report. There are also other fines to take into consideration when planning your GDPR journey. Non-compliance with Article 28 (“Processor”) will also have a fine associated with it. 2% of global revenue can be issued to a company whose records are not in order or if the supervising authority and data subjects are not notified of a breach. The oversight of the planning and breach notification requirement of GDPR could turn out to be very expensive for companies.
There are also other factors that have to be taken into consideration with looking at overall costs and impacts to the business. What impact will a potentially disastrous data breach have your brand? A breach would be felt throughout the business including your employees. Why? Because the brand has been tarnished. In an age of security-conscious consumers who value their own personal data and want to know that it’s being kept safe and secure by the companies they trust to handle it, a breach could be catastrophic. Consumer and business confidence is key to long-term growth in any industry, so can you put a cost on that? This actual cost of a breach may be felt for years, even if the business even comes through it.
So how does Ground Labs software help to reduce this risk of a data breach and help towards becoming compliant with GDPR? Enterprise Recon has over 200 Data Types built into the tool straight out of the box. It’s been enhanced to include data types from all 28 EU countries to help in the search for where in your network your sensitive data is stored. The tool is an on-premise product and forensically searches your entire environment looking for structured and unstructured data.
Once you run a scan on across your environment, all instances of sensitive data found will be reported in the Ground Labs product dashboard.
From the dashboard, you will have the option to see exactly across your entire network where your sensitive data is being stored. You then have the ability to decide how you handle that data with multiple remediation and reporting functions.
Our GDPR ready tool is the perfect tool to use, no matter what stage your business is at on the GDPR journey. Understanding where your data is and how to remediate it will help to reduce compliance costs and eliminate the root cause of cybersecurity data breaches.
To download a free copy of our white paper on GDPR please click the link:
If you would like further information on how Ground Labs can help with your GDPR initiative, please visit http://content.groundlabs.com/gdpr_assessment to arrange a free risk-assessment.