This is in contrast with last year’s survey where only half enforced encryption of data, or were completely confident in their encrypted data, in transit (52%), in the cloud (52%) and at rest (51%), showing a discernible increase in the use of, and need for, encryption as a key component of the data security process.
Forty-one percent of respondents have also noticed an increase in the implementation of encryption in their organisation since GDPR was enforced, and their organisation now requires all data to be encrypted as standard, whether it's at rest or in transit. This demonstrates the significance of encryption in GDPR compliance and the protection of sensitive data, and is likely driven by encryption being specifically recommended in Article 32 of GDPR as a method to protect personal data, and by Article 34, under which obligations towards breached data subjects are reduced where the breached data is encrypted.
GDPR is clearly making security a board-level topic, with the C-suite now owning the security budget in eighty-six percent of the companies surveyed. Organisations are allocating just under a third (30%) of their IT budget to GDPR compliance, which is a huge increase when considered against research commissioned by IBM in 2018 that set the ideal spend on cyber security, in general, at 9.8 to 13.7% of the IT budget.
However, despite last year’s survey finding that ninety-eight percent of those who knew that GDPR applied to them forecast a need to assign further budget and resources after achieving compliance, almost a quarter (24%) of this year’s respondents who claim to be in compliance believe they do not need to assign any further budget or resources.
Jon Fielding, Managing Director, EMEA, Apricorn, commented: “With the one-year anniversary of GDPR this week, it’s clear that organisations are getting their houses in order, but there still seems to be a long way to go in terms of education and awareness. Organisations need to be mindful that GDPR is an ongoing process and not just a tick-box exercise. The most common ways to maintain compliance are to continue to enforce and update all policies and invest in employee awareness on a regular basis. Additionally, encryption is a key component within the compliance ‘kit’, helping to lessen the probability of a breach and mitigate any financial penalties and obligations that would apply in the unfortunate event of a breach.”