“Over $1.2 billion worth of GDPR fines were issued between January 2021 and January 2022 – a sevenfold increase on the previous year. If there is anything to take from this GDPR anniversary, it’s that organizations need to get their house in order straight away – as I expect another significant rise in fines over the course of this year,” said Oliver Cronk, Chief Architect at Tanium.
A cause of this will be the wholesale changes that were made to IT infrastructure overnight to keep businesses running during the pandemic, the negative impacts of this are still being felt by many organizations. The requirement for rapid change meant that security and compliance sometimes took a back seat – but this isn’t a sustainable long-term approach. It’s tough for IT teams to simultaneously juggle business priorities, but now that the pandemic has eased it’s crucial for GDPR compliance to be treated as a key focus area.
To support this, IT teams must fix the visibility issues that most of them have. Our research shows found that ninety-four percent of today’s enterprises find 20% or more of their endpoints are unprotected, making it impossible to be sure that data is being handled in a GDPR-compliant manner. Risk analysis is another important area of GDPR compliance because it enables IT risk to be assessed so that issues can be fixed before an incident occurs. This can be the difference between being on the back or front foot, helping to avoid data breaches, and the associated fines. Staff training is also crucial – and organizations need to ensure their Data Protection Officers support the whole company with information on how to remain compliant, especially given the new hybrid working landscape.
If these steps are followed, organizations will stand a good chance of not becoming the next big negative GDPR headline – which I expect to see several more of this year. The reputational damage caused by these events can often have a larger impact than the fine itself, so the value of GDPR compliance cannot be underestimated.”