Could the General Data Protection Regulation (GDPR) land Asia-Pacific firms huge non-compliance fines?

Many companies are still unaware of how much emerging security-related regulations will affect them, with the vast majority of Asia-Pacific firms in the dark about the impact of the upcoming General Data Protection Regulation (GDPR).

The GDPR is a new EU legal framework intended to strengthen and unify data protection. It will take effect in May 2018.

Research conducted by NTT Security suggests that a common misconception of GDPR is that it only affects EU companies.

“This is inaccurate,” explained NTT Security’s report Risk:Value 2017. “It affects any company that processes data about EU citizens, and promises to have a profound effect on organisations across the globe.”

NTT Security interviewed 1,350 decision makers in businesses across the globe to find out how they viewed information security risk, and what they were doing to mitigate it.

When Asia-Pacific businesses were asked about GDPR, just 29% of firms in Hong Kong were aware of it, with 26% awareness in Australia and 33% in Singapore.

“They are in for a rude awakening in May 2018 when penalties for non-compliance could run to billions of dollars for the largest organisations,” said the report.

The report also looked at attitudes and spending on information security across firms in several countries. Companies in Singapore, a country with strong security requirements, again performed poorly with just 29% of firms saying their critical data was secure. For context, in France 61% of companies had secured their critical data.

However, there was a contrasting finding on data location. Only 54% of companies in France knew where their organisation’s data was stored, whereas 82% of companies in Hong Kong knew where their data was physically located.