Blog

GDPR Alert: 49% of Organizations Have Had a SharePoint Breach

GDPR

SharePoint is now the market-leading document collaboration platform. However, the risk of data leakage due to insecure sharing of information among employees and third parties is growing. Security concerns about the use of this data are high and organizations are not taking sufficient steps to protect it. Without appropriate technologies, data breaches can go undetected.

52% of an organization’s sensitive data is stored in SharePoint

33% of employees use SharePoint to store, edit or share content

73% of employees are accidentally exposing information stored within SharePoint

63% of organizations claim they are unable to locate sensitive data stored in SharePoint

In a recent report, 49% said their organizations have had at least one data breach in the past two years. Organizations have expressed concern about the risk of a data breach stemming from the use of their SharePoint platform. However, they are struggling to meet the challenge using their existing security processes and tools. 70% of organizations believe that if their organization had a data breach involving the loss or theft of confidential information in their SharePoint platform, they would only be able to detect it some of the time or not at all.

GDPR & SharePoint

GDPR, the new EU data protection regulation, will be coming into effect on May 25, 2018. If your organization deals with the personally identifiable information (PII) of EU citizens, you will come under the law’s remit—regardless of where your business is based.

So, if you haven’t started putting into place your strategy for compliance, start doing so immediately!

Complying with the new EU data protection rules will involve various changes to how businesses work, some major. Many organizations will have to hire a Data Protection Officer to independently ensure the business is following the rules by the book. Every business will have to set up a breach notification process and they will also have to implement a procedure to provide citizens with a right to be forgotten. This allows customers or former employees to request that you collect all the digital information you hold on them and then remove it entirely from your systems. If you are like most normal businesses, you hold that information in multiple systems like SharePoint or corporate File Shares. This means searching through them individually takes countless hours of employees’ time. There is also a very high risk that a manual search might miss some information.

Organizations will only have 72 hours to report a data breach to the authorities. GDPR also includes provisions for fines of up to 4% of global annual turnover or 20 million euros, whichever is higher. This means that organizations must be preparing for compliance now. If your organization has citizen personal data stored within SharePoint then you are at risk of non-compliance.

 The Solution for SharePoint and File Shares

CoreScan is a groundbreaking product that uses AI to automate the process for identifying and retrieving personal data stored within SharePoint and File Shares in any language. This is a truly automated process with no hardware or people needed. You can learn more about CoreScan and our other security and compliance products, by requesting a trial.