In a word, yes! As the deadline for GDPR creeps ever closer, companies are becoming increasingly anxious about the potential consequences of non-compliance. Some of their main concerns include fines, reputational damage, job losses and, in some cases, they are concerned that they will go out of business. These concerns are not unfounded. After all, the GDPR is unquestionably the most stringent data privacy regulation the world has seen to date. And the regulation applies to pretty much any organization – regardless of where they are located – that holds personal data belonging to EU citizens. The penalties for non-compliance are tough. For example, fines can potentially reach as high as €20 million, or 4% of annual revenue – whichever is greater.
According to a 2017 Veritas survey, which involved 900 respondents, 86% of organizations are concerned that failure to comply with GDPR could have a negative impact on their business. What is perhaps more alarming is that as many as 18% of respondents are concerned that a failure to comply with GDPR could put them out of business altogether, and many others are worried about potential layoffs. 47% of respondents fear that they are not prepared to meet the GDPR requirements, with only 4% claiming that they are prepared.
One of the top concerns faced by many organizations is that they are unable to identify and classify their critical data. Since the GDPR covers the collection, storage, use and sharing of “personal data”, it is of utmost importance that organizations can identify their critical assets. Likewise, under the GDPR, organizations must only collect and store data if necessary.
In many cases, the reason why organizations are struggling to locate their critical assets is down to a lack of technology. According to the report, 32% of organizations are concerned that they do not have the technology necessary to manage their data efficiently.
To address many issues linked with GDPR compliance, a large number of organizations are seeking, or have already sought, assistance from outside their company. Of course, doing so will incur significant costs. According to the survey, organizations are expecting to fork out an average of almost one and a half million euros to ensure that they are compliant with the GDPR.
Do they need to spend so much?
No, not really. Technology has improved a lot in recent times. For example, real-time change auditing solutions, such as LepideAuditor, provide a number of features which can help organizations address many of the compliance challenges associated with the GDPR. Some of these features include:
- An intuitive dashboard where you can view a summary of important system events
- A LiveFeed of changes which can be delivered straight to your iPhone, iPad or any Android-enabled device
- A reporting console which can generate pre-set reports to meet specific articles of the GDPR
- Real-time event detection and alerting – either based on a single event or threshold condition
- Powerful search to locate important audit data quickly
- A rollback and restore feature that lets you undo changes made to Active Directory or Group Policy quickly
By using LepideAuditor, you can manage user permissions and detect suspicious file and folder activity and anomalous logon failures. You can also detect user account modification/deletion, detect and manage inactive user accounts, track privileged mailbox access, and ensure passwords are regularly rotated. The ability to view, detect, alert, report and respond to important system events should be a top priority for companies looking to comply with the GDPR.