DSGVO scheint zu wirken

zumindestens in England und ich vermute auch generell. Eine Studie in Großbritannien kommt unter anderem zu dem Ergebnis:

GDPR has played a large part in these changes. Three in ten businesses (30%) and over a third of charities (36%) say they have made changes to their cyber security policies or processes as a result of GDPR. Our qualitative findings suggest that GDPR has encouraged and compelled some organisations over the past 12 months to engage formally with cyber security for the first time, and others to strengthen their existing policies and processes.

Aber vor allem auf der Management Seite scheint es noch viel zu tun zu geben.

There is still more that organisations can do to protect themselves from cyber risks. This includes taking important actions that are still relatively uncommon, around board-level involvement in cyber security, monitoring suppliers and planning incident response.