Most IT security professionals believe GDPR non-compliance is commonplace, as the landmark data protection legislation turns one tomorrow, according to Infosecurity Europe.
Over 6400 industry practitioners responded to a Twitter poll run by the leading cybersecurity event, which runs from June 4-6.
Some 68% said they thought many organizations have likely not taken the GDPR seriously enough, while nearly half (47%) claimed regulators are being too relaxed when it comes to enforcement.
Recent research indicates that the regulator, the Information Commissioner’s Office (ICO), investigated 11,468 data breach cases between May 2018 and March this year, but just 0.25% led to monetary fines.
On the plus side, only a little over a third (38%) of Infosecurity Europe respondents said GDPR compliance efforts had hindered other cybersecurity plans.
Mark Taylor, partner at Osborne Clarke, claimed that organizations are now turning their attention to the “practicalities of compliance,” but that complications are starting to emerge for multi-nationals.
“First, within a large group, it can be hard to accurately determine the various roles — i.e. data controller and data processor — which the group members have under GDPR. This is important because it determines the relative responsibilities of the group members, and which regulator has jurisdiction over them,” he explained.
“Second, the local laws supplementing GDPR across Europe have adopted variations of GDPR to a greater extent than we might have ideally hoped for. So while GDPR has made international compliance easier, it hasn’t unfortunately made it a one-size-fits-all approach everywhere.”
Taylor also argued that regulators in different jurisdictions are taking different approaches to enforcement.
“Looking forward, I think that enforcement activity will step up, with companies that are undertaking higher-risk processing likely to be most at risk,” he added.