- Only one-third of businesses are confident or very confident in their ability to handle an international data breach, according to a Ponemon Institute and Experian Data Preparedness survey of more than 1,000 professionals globally.
- In the last year, companies doubled their compliance effectiveness in breach notifications. Likewise, 54% of companies were able to comply with GDPR more broadly in 2019, compared to 36% in 2018.
- On average, organizations experienced seven breaches that required reporting under GDPR. Of U.S. respondents, 63% experienced a breach involving theft or loss of over 1,000 records of confidential data in the last two years.
Government is catching up to technology, or at least trying to. The federal government trail Europe — and California — in data privacy regulation. In February, the Data Protection Act was proposed in Congress in an effort to establish a federal watchdog.
U.S. companies are sitting in data privacy purgatory and 67% fear they can't sustain their compliance with GDPR.
Compliance is a rolling obligation, which follows data where it travels throughout an organization. From an employee spreadsheet to a data lake, data is hardly stationary, which complicates compliance.
U.S. companies spent $82 million on compliance solutions in the last 12 months and CFOs anticipate larger IT budgets partially due to information management and privacy.
GDPR is only in its second year and fines have reached about $126 million. The regulation found its teeth, penalizing companies outside the tech industry, including British Airways and Marriott International.
Law firm DLA Piper said it's "unwise to assume" fines will be "low and infrequent." Instead, GDPR regulators, in part, calculate fines based on circumstance: Was the privacy infringement intentional or negligent? Likewise, whether or not companies had adequate security measures in place.
If a company experiences an unavailable system or an inappropriate security use, it may not require reporting to regulators. Reportable breaches are limited to how much they impact a consumer's rights and freedoms. However, 35% of companies that experienced a breach don't know the cause of it, which could increase the chances of a recurrence.