94% of US CIOs have data that is impacted
Only 60% of US respondents have plans in place to respond to the impact of GDPR
Only 19% of UK companies have such plans prepared
GDPR requires anyone processing, holding, or making decisions on the purpose and use of any personal data of EU citizens to:
- Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
- Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Demonstrate processes for regularly testing, assessing, and evaluating the effectiveness of these measures for ensuring the security of the processing.