Network services provider EfficientIP has warned businesses that, in reality, February 15th was the last day that organisations can ensure their real-world compliance with GDPR.
I Thought May 25th Was The Deadline?
May 25th is the actual date that companies and organisations need to ensure that they are compliant with GDPR. However, the point that EfficientIP made in an announcement last week is that, realistically, it actually takes 99 days to detect a data breach. This gives hackers time to ‘exfiltrate’ data, or remove it without detection. Taking this into account, February 15th is exactly 100 days before May 25th 2018, and could, therefore, be regarded as the last day organisations can ensure real-world compliance with GDPR.
With this point in mind, some Cyber Security experts have started referring to February 15th as “X-Day” because it is the last day companies can prevent data exfiltration attacks without potential prosecution by regulators.
What Is Data Exfiltration?
Data exfiltration is the unauthorized copying, transfer or retrieval of data from a computer or server. In other words, hackers can use the DNS protocol to very quickly transfer large amounts of personal and sensitive data from your company systems e.g. customer data such as credit card numbers, or company information such as financial records.
EfficientIP have pointed out that most of the companies breached after February 15th 2018 will only discover the attack after GDPR is in force, and will, therefore, (legally) only have 72 hours to publicly disclose the breach.
How Common is Exfiltration?
EfficientIP’s own research shows that as much as 24% of companies have suffered data exfiltration in the past year.
Although the EfficientIP is a warning, and companies already know that failing to comply with GDPR will bring large fines, and data breaches can cause irreparable damage to a company and its reputation, there are some very positive reasons for preparing now for GDPR. For example, a recent Veritas survey showed 95% of decision-makers expect a positive outcome from GDPR compliance, and 92% think they would benefit from having better data hygiene.
68% of respondents in the Veritas survey also said that getting GDPR compliant would give them a better insight into their business, which could help to improve the customer experience, and that compliance could actually save the company money.
It’s all very well issuing worrying warnings, but companies not yet compliant need to find effective ways to drive the cultural and organisational changes needed to get to grips with GDPR going forward. These motivators, also highlighted in a recent Veritas survey, could include adding compliance to employee contracts (47%), implementing disciplinary action if the regulation is disobeyed (41%), and educating employees about the benefits of GDPR (40%).
What Does This Mean For Your Business?
GDPR is just around the corner and this ‘X-Day’ warning is an indicator that realistically, GDPR compliance shouldn’t be put off any longer.
Data management commentators suggest that companies should adopt an automated, classification-based, policy-driven approach to GDPR so that they can meet the regulatory demands within the short time frame available.
Businesses have now heard all the warnings, and many companies and organisations are now starting come around to the idea of focusing on the positive outcomes and benefits that GDPR compliance will bring such as increased revenues, resulting from improved customer loyalty, heightened brand reputation, and competitive differentiation in the market.
There is also now growing realisation that companies will prefer to have business relationships with GDPR compliant companies to help ensure their own compliance. This means that GDPR compliance will be become a basic necessity to enable companies to compete in a normal way in today’s business environment.