top of page

News & Views

Sensitive data challenges continue, says report

Nearly 30% of UK organizations are discovering sensitive data outside of dedicated locations, even though 91% were sure it is stored securely, says the latest finds from Netwrix (

According to the Netwrix  2020 Data Risk & Security Report ( which gathered insights from 1,045 respondents worldwide reported that data was left overexposed for days (33%) or weeks (22%). Incidents with misplaced data is a common trend worldwide, however it seems that UK companies are more prone to it, especially if compared to other European countries, where on average only 18% had similar incidents.

When it came to complying with GDPR, 45% of respondents that must comply with the GDPR said that they are unsure whether their organizations gather more customer data than the law permits at the stage of data creation.  Some 15% of organisations have mistakenly deleted necessary, sensitive or regulated data over the past year at the stage of data disposal, which violates GDPR requirement in a robust data retention programme (Article 25) (

Of respondents in the UK, 72% indicate that the need to deal with data subject access requests (DSAR) puts additional pressure on their IT teams; however, those respondents who have their data classified respond to a DSAR in five hours, while those who don’t spend three times longer.

“Today, understaffed IT departments in the UK organizations experience significant pressure as they not only have to protect their organizations against cyber threats and respond to auditors’ requests, but also to manage DSAR requests,” says Matt Middleton-Leal, EMEA and APAC General Manager at Netwrix.

“With such a workload, they struggle to ensure their sensitive data is equally protected at all stages of data lifecycle, and often fail.  To address this challenge, the UK cyber security leaders need to obtain visibility into all internal processes and user activity that involve sensitive data.  This will enable them to prioritise their efforts and mitigate security and compliance risks more efficiently.”

A copy of the report can be downloaded from

bottom of page