{"id":8155,"date":"2020-09-01T14:09:29","date_gmt":"2020-09-01T14:09:29","guid":{"rendered":"https:\/\/www.securitytoday.de\/2026\/04\/02\/post_id-2443\/"},"modified":"2026-05-10T19:06:51","modified_gmt":"2026-05-10T19:06:51","slug":"top-5-data-protection-risks-for-enterprises","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2020\/09\/01\/top-5-data-protection-risks-for-enterprises\/","title":{"rendered":"Top 5 Data Protection Risks for Enterprises"},"content":{"rendered":"

The World Economic Forum has intensified its focus on corporate data protection, driven in part by remote-work policies. The collapse of the EU-US Privacy Shield further underscored the need for closer scrutiny.<\/strong><\/p>\n

Here are the five most dangerous data risks, according to OTRS AG:<\/p>\n

1. Partnering with Grey-Market Providers<\/strong><\/h2>\n

Grey-market providers offer software solutions outside official distribution channels. Some enterprises opt for these offerings – often due to their low price – despite the legal and security risks involved. The core problem is that grey-market vendors do not own the source code.<\/p>\n

This creates two major risks for enterprises. First, limited product expertise may lead to insecure configurations that leave data exposed. Second, because the software is distributed outside official channels, it often receives no updates or security patches – leaving known vulnerabilities unaddressed.\u00a0<\/span><\/p>\n

2. Using Outdated, Unpatched Solutions<\/strong><\/h2>\n

Product updates and security patches are essential for closing known vulnerabilities. Without them, attackers can exploit backdoors – unauthorized entry points that bypass standard access controls – to gain access to sensitive data. According to a\u00a0<\/span>Tripwire study<\/a>\u00a0<\/span>, 27 percent of security breaches stem from delayed or missing patches.<\/p>\n

3.<\/strong>\u00a0Working with Suppliers That Neglect Data Protection<\/strong><\/h2>\n

Whether engaging external consultants or service providers, enterprises must fully understand how those third parties protect data. Before signing any contract, clients should\u00a0<\/span>ask targeted questions<\/a>, to gain a thorough understanding of the vendor\u2019s security practices – and explicitly incorporate security commitments into contractual agreements.<\/p>\n

4. Inadequate Employee Training<\/strong><\/h2>\n
\"\"

Employee training can be the key to solving the problem. Source: iStock \/ skynesher<\/p><\/div>\n

People remain the weakest link: employees still create weak passwords and frequently connect via unsecured networks. Professional training helps build awareness of real-world threats – including social engineering and phishing attacks.<\/p>\n

With so many employees now working remotely, mobile workers must ensure their home networks are secured – and use a Virtual Private Network (VPN), wherever possible.<\/p>\n

5. Absence of Clearly Defined Incident-Response Processes<\/strong><\/h2>\n

What happens when a breach occurs? The longer an incident remains undetected or unresolved, the greater the volume of compromised data. In a global\u00a0<\/span>survey by the OTRS Group<\/a>\u00a0<\/span>of IT managers, 40 percent cited the urgent need for clearly defined incident-management processes to respond more effectively to security breaches.<\/p>\n

\u201cThere is no such thing as 100% data security – but there are numerous protective measures,\u201d says Jens Bothe, Director Global Consulting at OTRS AG and cybersecurity expert. \u201cRemote work increases our exposure to security risks, but following these five recommendations significantly reduces that risk.\u201d<\/p>\n

For more information on how\u00a0<\/span>OTRS<\/strong>\u00a0<\/span>can help structure enterprise security, see\u00a0<\/span>here.<\/a><\/p>\n

 <\/p>\n

Key Facts<\/h2>\n

GDPR fines:<\/strong> European data protection authorities have imposed over \u20ac4.5 billion in penalties to date.<\/p>\n

Data breaches:<\/strong> 83 percent of enterprises experience more than one data protection incident per year.<\/p>\n

Frequently Asked Questions<\/h2>\n

What is the difference between data protection and data security?<\/h3>\n

Data protection governs the lawful handling of personal data – covering legal basis, purpose limitation, and data subject rights. Data security refers to the technical and organisational measures used to safeguard all<\/em> data against loss, tampering, or unauthorised access.<\/p>\n

Does every company need a Data Protection Officer (DPO)?<\/h3>\n

In Germany, appointing a DPO is mandatory if at least 20 people regularly process personal data using automated systems – or if special categories of personal data (e.g., health data) are processed.<\/p>\n

What rights do data subjects have under the GDPR?<\/h3>\n

The right of access, rectification, erasure (\u201cright to be forgotten\u201d), restriction of processing, data portability, and objection. Companies must respond to such requests within one month.<\/p>\n

Related Articles<\/h2>\n