Locating customer data will be half the battle to fulfill EU GDPR's 'right to be forgotten'.


Study Finds Global Organizations Don't Know Where All Customer Data Is Stored and Use Unreliable Data Removal Methods to Erase User Content

EU GDPR is a game-changing piece of data protection legislation that goes into effect on May 25, 2018. While the legislation includes various components related to how organizations collect, store, manage and protect customer data, the 'right to be forgotten' gives individuals the right to have personal data erased. But if most organizations cannot locate where their customer data is stored (both on premise and offsite), it will be difficult to fulfill 'right to be forgotten' requests, according to the "EU GDPR: Countdown to Compliance" research study released by Blancco Technology Group.

As our study found, most organizations struggle with identifying and locating where all customer data is stored. 15 percent of German organizations admitted they don't know where all customer data is stored, both onpremise and offsite. Plus, the United States (13 percent) and United Kingdom (12 percent) are the two countries with the second and third highest percentages of respondents who don't know where all of their customer data is stored. For French organizations, however, the problem is somewhat worse with 20 percent saying their confidence level in their ability to find all customer data is low--ranging from extremely unconfident to slightly unconfident.

Richard Stiennon, Chief Strategy Officer, Blancco Technology Group, said, "If an organization cannot find their customers' data, how will they be capable of erasing the data and complying with the EU GDPR's requirement? Once they do finally locate their customers' data, the next step is erasing the data permanently so that it can never be recovered. But as our study reveals, it's quite common for organizations to use insecure and unreliable data removal methods, such as basic deletion and free data wiping software, which further undermines their security and compliance to EU GDPR."

Key findings from the study include:

* French, Spanish and German companies will beef up spending on EU GDPR-readiness technologies and processes. 85 percent of Spanish companies will spend up to $3.99 million, while 77 percent of French companies and 73 percent of German companies will spend the same amount. However, fewer American companies (65 percent) will spend this same amount.

* 72-hour breach notification, records maintenance of data processing activities and 'right to be...

To continue reading