
Survey Expects Banks Will be First to be Fined 100 Million Euros Under New European Union Legislation

NEW YORK, May 4, 2015 (GLOBE NEWSWIRE) -- Varonis Systems, Inc. (Nasdaq:VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data, conducted a survey in March of IT professionals who attended CeBIT, Europe's largest IT show, about their general beliefs regarding the upcoming European Union (EU) General Data Protection Regulation, which is expected to go into effect this year or next.

Key Survey Findings:

  • 80% think that a bank is the most likely organization to be the first to suffer the maximum fine (of 100 million Euros) for failing to meet the EU General Data Protection Regulation.
  • When asked in which country the bank is most likely to be based, of those surveyed 30% said Germany, 28% said U.S.A., and 22% said another EU country.
  • Only 48% of respondents thought that their organization could report a breach within the required 72-hour deadline.
  • Only 31% have a plan to enable them to comply with the new legislation and only a third have the processes and technology in place to prevent their organization from getting a large fine as a result of the new legislation.
  • 71% of respondents didn't know what companies need to do in order to comply with the new legislation.
  • Only 22% of respondents knew that the maximum fine under the new legislation is planned to be 100 million Euros; most thought it was only going to be 10 million Euros (41%) or 1 million Euros (32%), and a small number thought the fine could be one billion Euros.
  • A third of respondents thought that the EU General Data Protection Regulation will come into effect in 2015, a further 28% thought it would take another year, until 2016, 7% thought it would never become law, and 32% did not know when it would become law.

David Gibson, Varonis Vice President, said, "We can expect a major upgrade of the EU's General Data Protection Regulation in the next 12-24 months. Fines are expected to be 2% of annual income up to 100 million Euros/Dollars for failing to protect EU citizens' personal data; there could also be a significant number of individual claims in addition to fines, so the sums involved could be a substantial cost, even to a large enterprise. The new law will also mark a shift from a self-regulated environment to an enforcement regime, which will affect any organization storing personal identifying information on European citizens (including U.S. companies operating in the EU). Organizations need to be prepared to protect customer data and prove that they are doing so to an appropriate degree of care, report any breaches and remove any data at the request of EU citizens."

Mark Deem, a U.K.-based Partner at Cooley LLP, said, "Given the extended scope and reach of the new Regulation - as well as the increased nature of fines - the survey raises a very important concern as to the extent that organisations are ready to comply with the terms of the Regulation and manage any data breach scenario. Indeed, the scale of potential fines will be closer to those handed down for bribery or anti-trust violations and, for the financial services sector, data protection compliance will be every bit as important as FCA regulatory compliance. Even though the Regulation may not be in full force until 2017, there is considerable work to be done by those seeking to offer goods and services to data subjects in the EU and to ensure that they are in the best possible position to comply."

Varonis offers seven tips for keeping unstructured data in compliance, to help organizations get ready for the EU General Data Protection Regulation:

  1. Minimize Data Collection - The proposed EU law has strong requirements that companies limit the data they collect from consumers.
  2. Report Promptly - Data breach notification is a new requirement that EU companies will have to handle.
  3. Retain Carefully - The new law's minimization rules apply not only to the scope of the data collected but also how long it's kept. In other words, you shouldn't be storing data longer than is necessary for its intended purposes.
  4. Beware the New Definition of Personal Identifier - The EU has expanded the definition of personal identifiers. This change is important because the EU law centers on protecting these identifiers.
  5. Use Clear Language - You'll need explicit consent—an 'opt-in' from the consumer—when collecting data.
  6. Find Your Delete Key - The 'right to erasure' means that when consumers withdraw consent for data they've given, companies will have to remove it.
  7. Remember: cloud computing doesn't escape the new EU law; the law still follows the data.

Download our full tip guide here.

Additional Resources:

Varonis Research: Are you prepared for the new EU General Data Protection Regulation?

For more information on Varonis' solution portfolio, please visit www.varonis.com and join the conversation on Facebook, Twitter, LinkedIn, and YouTube.

For more details read the blog.

Survey Methodology

The 145 international respondents reflected the audience of CeBIT, the largest IT event in Europe, which was held in March 2015. Sixteen percent of the respondents were from German banks, 3% US banks, 3% EU banks, 45% non-financial German companies, 26% non-financial European companies, and the remaining 7% were from US companies.

About Varonis

Varonis is the leading provider of software solutions for unstructured, human-generated enterprise data. Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data that includes an enterprise's spreadsheets, word processing documents, presentations, audio files, video files, emails, text messages and any other data created by employees. This data often contains an enterprise's financial information, product plans, strategic initiatives, intellectual property and numerous other forms of vital information. IT and business personnel deploy Varonis software for a variety of use cases, including data governance, data security, archiving, file synchronization, enhanced mobile data accessibility and information collaboration. As of December 31, 2014, Varonis had more than 3,300 customers, spanning leading firms in the financial services, public, healthcare, industrial, energy & utilities, technology, consumer and retail, education and media & entertainment sectors.

CONTACT: News Media Contact: Natalie Rizk CTP Tel: 617.412.4000 x 249 nrizk@ctpboston.com

Source: Varonis Systems, Inc.