Fears of project delays could prevent compliance with GDPR

Pseudonymisation of data aids compliance with forthcoming EU regulation, but organisations still see reasons to avoid it, finds Delphix

Organisations are reluctant to pseudonymise their data, even though the process aids their security and is a step towards compliance with the upcoming General Data Protection Regulation (GDPR) coming to EU member states.

Speaking at today's DevOps Summit 2016, Gary Hallam, director solutions engineering, EMEA, Delphix, explained why data masking is a good idea.

If we mask data so it cannot be attributed to a person, that will give advantages," began Hallam. "That reduces risk of data breaches - you haven't lost anything if you're breached. That also eases the reporting burden. You don't have to report lost data if it was masked. Similarly, you don't have to report on other companies which have access to data you control, if it's masked."

Delphix surveyed 300 firms from the UK and Germany, and found that 30 per cent of non-production data is being masked now, but the ambition among respondents was for 50 per cent of data to be pseudonymised in future.

But that still leaves half of this data not being masked, Hallam commented.

The survey found that the biggest reason for not masking data was fears of project delays, with 36 per cent of respondents giving that explanation. Meanwhile, 34 per cent said lack of control of data was the biggest reason behind not masking it, compared to 21 per cent citing cost, and nine per cent lack of expertise.

Responding to an audience question around Brexit, asking if Britain's exit from the EU will affect the need to comply with the GDPR, Hallam explained that firms will still need to pay heed.

"GDPR relates to the worldwide processing of EU citizens' data, so you'll still need to comply," he said.