Businesses across the UK are in danger of underestimating the huge changes that lie ahead in data protection – after a survey revealed one in five aren’t even aware of the forthcoming European General Data Protection Regulation.
The Regulation, due to be discussed again by the EU Commission, European Parliament and the Council of the EU on June 24, is predicted to be ratified in the next 12 months and in place during 2017.
But The Crown Records Management/Censuswide Survey of IT decision makers at UK companies with more than 200 employees revealed some shocking results:
One fifth of decision makers (19.6 per cent) are totally unaware of the changes
One third of decision makers aged 55+ (29.4 per cent) know nothing about the challenges ahead
A quarter of businesses (25.3 per cent) will wait for the final details of the Regulation before taking any action at all
Half of companies (52 per cent) who know about the Regulation still aren’t currently reviewing policies
Nearly half of decision makers in companies with a turnover of more than £500m (42.5 per cent) are ‘not really concerned’ or ‘not concerned at all’ about the impact of the new structure.
Almost two-thirds (63 per cent) have not yet appointed a Data Protection Officer, which will soon become compulsory for many companies
Three-in-five (59 per cent) have no plans in place to train staff despite the changes looming
There were also wide differences between sectors in terms of the issues that caused them most concern:
The Public Sector and those in Facilities Management placed new ‘right to erasure’ rules as the biggest concern
The Legal Sector saw the cost of implementation as its number one issue
Banking and accountancy, the Insurance industry and Retail picked out the difficulty of implementing the legislation
The Pharmaceutical industry feared ‘loss of reputation’ from a data breach
Sectors also differed in how well prepared they are:
Facilities Management is ahead of the game in staff training with 60 per cent introducing new programmes – but only 33 per cent are following suit in the pharmaceutical industry
Two thirds of those in the insurance sector are currently reviewing policies in preparation – but only 39 per cent in Facilities Management
Nearly half of pharmaceutical companies have already appointed a Data Protection Officer – but only 24 per cent in retail.
John Culkin, Director of Information Management at Crown Records Management, said: “These results show UK businesses are leaving it dangerously late to prepare for the EU General Data Protection Regulation and are worryingly uninformed.
“For big companies to say, for instance, they are ‘not concerned’ means they are not concerned about potential fines of 100m Euros, or five per cent of global turnover. Considering most companies of that size are likely to be part of the FTSE 350, how many shares does that represent? How would such a fine affect dividends?
“But the important question is not just whether businesses are worried or not, but whether they are being proactive and taking early action to prepare. Our advice is that waiting too long could be a very dangerous game.”