Crown Records Management survey of IT decision makers reveals industry is unprepared for EU General Data Protection Regulation
Public sector professionals across the UK are in danger of underestimating the huge changes that lie ahead in data protection – after a survey revealed almost one in five aren’t even aware of the forthcoming European General Data Protection Regulation.
The Regulation, due to discussed again by the EU Commission, European Parliament and the Council of the EU on June 24, is predicted to be ratified in the next 12 months and in place during 2017.
It will bring with it huge fines for data breaches, sweeping changes for every company that handles the personal data of European citizens and new rights for data subjects to call for information held about them to be edited or deleted.
But The Crown Records Management/Censuswide Survey of IT decision makers at UK companies with more than 200 employees, undertaken in April 2015, revealed some shocking results:
- Almost one fifth of IT decision makers in the public sector (17.2 per cent) are totally unware of the changes
- A quarter (25.2 per cent) will wait for the final details of the Regulation before taking any action at all
- Less than half, 43.2 per cent, are reviewing policies ahead of the new Regulation – in the Insurance sector the figure was 60 per cent
- Four in six (65 per cent) have no plans in place to train staff despite the changes looming. In the Facilities Management sector, 60 per cent have training lined up.
There were also wide differences between sectors in terms of the issues that caused them most concern:
- The Public Sector and those in Facilities Management placed new ‘right to erasure’ rules as the biggest concern
- The Legal Sector saw the cost of implementation as its number one issue
- Banking and accountancy, the Insurance industry and Retail picked out the difficulty of implementing the legislation
- The Pharmaceutical industry feared ‘loss of reputation’ from a data breach
John Culkin, Director of Information Management at Crown Records Management said: “These results show UK businesses and those in the public sector are leaving it dangerously late to prepare for the EU General Data Protection Regulation and are worryingly uninformed and yet to grasp the enormity of the changes ahead.
“But the important question is not just whether people are worried or not, but whether they are being proactive and taking early action to prepare. Our advice is that waiting too long could be a very dangerous game.”