IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

90% of businesses think it's too hard to delete customer data

Enterprises struggle ahead of GDPR rules

Symantec has revealed that the majority of businesses are underprepared for the EU's General Data Protection Regulation (GDPR) coming into effect in 2018, leaving them open to hefty fines should their practices not adhere to the stricter rules.

The security firm's research revealed that 90% of businesses think it will be hard for them to delete customer data of they receive a request and only 40% of companies have a system in place that allows them to do so.

More concerning is that 35% of business and IT decision makers don't think their company takes an ethical approach to securing and protecting customer data.

"These findings show businesses are not only underprepared for the GDPR they are underpreparing," said Kevin Isaac, senior vice president of Symantec. "There is a significant disconnect between how important privacy and security is for consumers, and its priority for businesses. The good news is there's still time to remedy the situation if firms take immediate action."

The biggest challenge businesses face is not having the knowledge in-house to be able to deal with the changes. A total 96% of companies don't understand the GDPR, while 91% don't think they will be able to meet the demands of it.

"Whether companies will successfully navigate the GDPR regulation hinges on their willingness to embrace privacy by design," Peter Gooch, cyber risk partner at Deloitte, said. "They must also understand that good security and privacy processes can provide a substantial competitive advantage and be a driver in gaining consumer trust, in addition to being driven by regulatory requirements."

In fact, only 22% have made complying with the European security demands a priority over the next two years, meaning it's likely to be put on the backburner for a lot of companies.

"Businesses should recognise that privacy, security and compliance with GDPR are extremely important brand differentiators," said Isaac. "Businesses' response to the GDPR should become a core element of organisational design and culture. Adopting a fragmented, piecemeal approach as part of a tick box exercise will create more problems than it solves."

Symantec's report revealed that consumers have a very different approach to GDPR, finding that 88% of European consumers think data security is the most important factor when choosing a company and 86% think the protection of their data is more important than the product quality.

While the GDPR may no longer apply to the UK directly following Brexit, the UK is likely to devise its own, similar, rules in order to continue trade with the EU.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Salaries for the least popular programming languages surge as much as 44%

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022