Twelve months on and organisations are still not GDPR compliant, say 68 per cent of respondents to Infosecurity Europe poll


It’s almost one year on since GDPR came into force yet there appears to be a lack of confidence in its application according to the latest Twitter poll from Infosecurity Europe 2019 – Europe’s number one information security event. The majority of respondents to the poll (68 per cent) believe that organisations have not taken the EU General Data Protection Regulation (GDPR) seriously and are still not compliant.

A lack of doubt in its enforcement is reflected by further results of the poll. When asked if respondents believe that GDPR regulators are being too relaxed when it comes to enforcing standards and following up with organisations, almost half (47 per cent) agreed that they were.

Governance, risk and compliance continue to be a key issue being faced by the cybersecurity industry and is also one of the top trends within the cybersecurity industry in 2019, according to Infosecurity Magazine’s second annual State of Cybersecurity Report, which is based on interviews with  industry professionals from across the globe and is scheduled to be launched at Infosecurity Europe, this year.

Early exclusive extracts taken from the cybersecurity report, indicate that despite compliance being the standout industry trend in the 2018 report, it has dropped in the 2019 report. That said, report respondents indicate that regulatory controls will remain a driver in the EU and beyond. Others mention the failures of data protection regulators to actually push the regulatory charges. However, they believe GDPR and other compliance regulations have done a lot to promote the cause for effective incident response.

The Infosecurity Europe twitter poll revealed that just over a third (38 per cent) believe that GDPR compliance has dominated their organisation in the last 12 months and hindered their plans for other cybersecurity projects. This indicates that some cybersecurity initiatives have continued, despite the weight of GDPR on all organisations to become compliant, or face hefty fines.

One of the contributors to the forthcoming State of Cybersecurity Report, Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4, comments on the impact of GDPR. He said, ‘While excitement about regulation has died down a little, the introduction of GDPR has had both positive and negative impacts. GDPR will remain a driver in the EU and beyond, as more and more organisations are changing the way they handle data in the face of changing regulatory requirements. GDPR and other compliance regulations have done a lot to promote the application of foundational information security and privacy-related practices. A potential downside, however, is that many organisations still assume that meeting a compliance requirement is the same as being secure - of course history teaches us that compliance and security are not the same thing.”

Dan Raywood, Contributing Editor, Infosecurity Magazine and author of the State of Cybersecurity Report, comments: “Compliance is a complicated trend to fully evaluate, because while it is something that needs to be acted upon, the stronger enforcement and regulation that had been hyped in the build-up to GDPR have not really materialised. Therefore, it may force some to think that compliance does not have to be taken as seriously as we are expected to believe.

“At Infosecurity Europe in the Talking Tactics theatre, on Thursday 6th June at noon, I’ll be presenting the findings of the ‘State of Cybersecurity Report’ in further detail and discussing their relevance, with a view to delivering an understanding of what is driving cybersecurity trends right now, and what will drive it in the years to come. I look forward to running an interesting, thought-provoking session at the event. The report will be available to download at this time.”

Governance, risk and compliance will be a key theme at Infosecurity Europe 2019. The following speaker sessions covering the topic are scheduled:

Tuesday 4 June, 2.00pm, Security SMEs Symposium, Pillar Hall, Olympia

Wednesday 5 June, 11.45am, Don’t Acquire Your Next Breach: Managing Vendor Risk Under the GDPR, Information Security Exchange

Wednesday 5 June, 12.45pm, How the UK’s Data Protection Act of 2018 Impacts Your GDPR Programme, Talking Tactics Theatre

Wednesday 5 June, 3.20pm, Understanding & Leveraging GDPR Regulations to Justify IT Security Spend, Strategy Talks

Wednesday 5 June, 4.40pm, Navigating Complex Regulatory Ovesight to Ensure Privacy, Security & Compliance, Keynote Stage

Thursday 6 June, 11.20am, Your Organisation & The European Directive on Security of Network & Information Systems (NIS Directive), Strategy Talks

Attracting 6421 responses, the Infosecurity Europe Twitter poll was conducted during the period 17-19 May 2019.

Infosecurity Europe, now in its 24th year, takes place at Olympia, Hammersmith, London, from 4-6 June 2019. It attracts over 19,500 unique information security professionals attending from every segment of the industry, including 400+ exhibitors showcasing their products and services, industry analysts, worldwide press and policy experts, and over 200 industry speakers are lined up to take part in the free-to-attend conference, seminar and workshop programme -

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter