GDPR’s impact since its rollout last year is somewhat hard to measure, but Tripwire decided to conduct several quick surveys on Twitter to measure how consumers and businesses view the privacy regulation’s impact in light of the recent fines levied against British Airways and Marriott.
The overall take from the 400 people surveyed was not very positive.
Even though the fines were a significant amount of money, about $224 million for British Airways and $124 million for Marriott, 22 percent of those who responded believed they would have no impact on how the companies approached security, while 52 percent said the fines would force at least some change. When it came to the size of the fines themselves, only 12 percent thought they were too high, 42 percent said the fines were too low and 43 percent said they were appropriate.
Even more damning was the finding that 71 percent felt their data is no safer with GDPR in place.
Dave Meltzer, CTO at Tripwire, chatted with SC Media at Black Hat about the survey and said that, while some of the perceptions uncovered in the survey do reflect people’s gut reaction to the situation, there is some evidence to prove that corporations are behaving differently under GDPR. He noted significant investment being made by companies in people, technology and processes in order to comply with GDPR.
However, one difficulty on this front has been the lack of clear guidelines or precedents on what level of security a company needs in order to suffer a breach yet not be fined for a GDPR violation. Meltzer said this is because the law is only just over a year old, so there is no backlog of case history for companies to view that will tell them what level of security is needed to have regulators give them a pass if they happen to suffer a breach.
Meltzer pointed out that several companies being fined are appealing the decisions, and that only if a fine is lowered or overturned will enterprises have a clearer understanding of what level of security is needed.