Nearly 75% of firms not GDPR compliant; data protection strategy needed: Gartner
The global scenario for compliance with the European Union’s General Data Protection Regulation (GDPR) is not very encouraging, according to market research firm Gartner, with barely a quarter of firms falling in line with the new law.
The EU’s data protection and privacy regulations came into effect in May with the aim of enforcing stricter implementation of rules and serious consequences for businesses in cases of non-compliance.
"When we looked at the market well before the May 25 deadline when GDPR was due to come into effect, we estimated that close to 50% of businesses wouldn't be ready to comply with the new regulation," Deborah Kish told TechCircle. “However, post the law coming into effect, the picture looked more grim with close to 75% of enterprises still not ready to be compliant with the law.”
Earlier this month, an EY report revealed that 63% of Indian firms familiar with the requirements and impact of GDPR continue to lag behind in compliance. India is in the process of creating its own data privacy law.
Kish said that GDPR compliance was going to be a lengthy and ongoing project for most businesses.
She also said that enterprises should stop looking at enterprise security from a "tools" perspective and take up a data protection strategy instead.
"What enterprises should understand is that the future of data security would be a planned governance network within an organisation. They need to have all business division stakeholders on board and think of a strategy together," Kish said.
Explaining further, the Gartner representative said that the board should first identify their critical data and then think about what information they have, who has access to it and where it is being stored.
"After all of this identification, they can start looking at tools which are needed for specific purposes," she said.
Kish also said that companies were moving towards a more predictive approach for security via use of artificial intelligence tools.
"Companies are looking at external and internal theft of data. While they are encrypting data, they are also involved in tasks such as network monitoring where they are checking for anomalies," she said, adding that companies were also tracking behavioural patterns of employees.
The market research firm said that enterprise spending on information security products and services in India was on track to reach $1.7 billion in 2018, an increase of 12.5% over last year. In 2019, the market is predicted to reach a total of $1.9 billion.
“Continued focus on building detection and response capabilities is bolstering security spending in India,” said Siddharth Deshpande, research director at Gartner.
“Highly publicised and high-impact security incidents in India — like the recent incident with Cosmos Bank — reinforce the need for organisations to treat security and risk management as a top business priority,” he said.
Explaining further, he said that security incidents often happen because organisations do not pay attention to basic security practices.
“Continued breaches reinforce the need for chief information officers (CIOs) and chief information security officers (CISOs) to view sensitive data and IT systems as critical infrastructure and prevent, detect and respond to incidents appropriately,” Deshpande said.
According to Gartner, integrated risk management software will record maximum growth in 2019 at a pace of 26.6% followed by data security at 12.4%.
The research firm also said that a lack of skills was raising demand for security services. “CISOs are increasingly concerned about the quality of security services currently available, creating an opportunity for new security services providers that can offer higher quality services,” Deshpande said.
The security services market in India will grow from $885 million in 2018 to $1 billion in 2019, an increase of 13% year-on-year, Deshpande added.