“It is important that organizations have appropriate technical and organisational measures in place. This includes having clear data protection policies, taking a ‘data protection by design and default’ approach and continuing to review and monitor performance and adherence to data protection rules and regulations,” says Adam Stevens, Head of Intelligence at the UK Information Commissioner’s Office (ICO).
In a sweep conducted by the ICO, as part of the Global Privacy Enforcement Network’s (GPEN) annual intelligence-gathering operation, 356 companies in 18 countries were contacted.
25 percent of companies had no programs in place to conduct self-assessments and/or internal audits.
More than 50 percent of companies indicated that they have documented incident response procedures, and maintain up-to-date records of all data security incidents and breaches. However, some indicated that they have no processes in place to respond appropriately in the event of a data security incident.
Nearly 75 percent of companies appointed an individual or team to ensure compliance with relevant data protection rules and regulations.
Details from the ICO.