Businesses and personal data: In-depth analysis of practices and risks

How businesses globally handle personally identifiable information.

Over the past year or so, we’ve returned to the topic of personal data protection again and again. That’s not only because of the GDPR regulation that came into effect on May 25 in Europe, but also because other regions are beginning to revise their approaches to storing and processing that data. That is why our colleagues decided to analyze how businesses globally handle personally identifiable information (PII), based on data from our annual “Global corporate IT security risks” survey.

One of the rather unusual findings of this survey is that security breaches affect not only entire companies, but also management personally. When considering the risks of data breach, the people responsible for data protection usually think about fines, reputation losses, and direct damage to businesses. However, according to our respondents, a data breach often leads to job losses. That happened in almost one in three cases (31%). Typically, senior non-IT employees were held responsible and dismissed. That isn’t the most significant finding of our survey, but it should definitely serve as a valuable argument while discussing security budgets with decision makers.

It is little surprise that almost every company collects and stores some form of personal data, be it information on their employees (86%) or customers (88%). And almost one in three businesses stores data protected by the strict confines of the GDPR. Note that we are talking about global companies, not only European ones — to fall under the jurisdiction of the regulation, a company need only store data of European citizens.

About three-fourths of the businesses surveyed think they know how to manage data protection and compliance. However, 46 % of large enterprises and 42% of SMBs worldwide have had one or more data breaches during the past year. That calls the actual degree of their readiness into question: In two-fifths of cases, customer PII was affected during those breaches.

Part of the problem with data protection may be in the trend of cloud migration — nowadays 20% of sensitive customer and corporate data resides outside the corporate perimeter, making that data much more difficult to control.

To learn more about the findings, you can fill out the form below and download a complete version of “From data boom to data doom: The risks and rewards of protecting personal data.”