In a recent Vanson Bourne survey, 625 IT decision-makers across the UK, France, Belgium and Luxembourg were questioned about how prepared they were for the GDPR (General Data Protection Regulation).
The research found that 54% of businesses had little understanding of the fines associated with the GDPR, 17% of all businesses surveyed admitted that if they were fined under the GDPR the business would close, and 39% of IT decision-makers surveyed said that fines would lead to redundancies within their businesses.
6% of UK businesses viewed the GDPR as a number-one priority, compared with 30% of businesses in France and 25% of businesses in Benelux. In addition, 20% of businesses in the UK considered the GDPR to be a low priority, compared with 8% in France and 11% in Benelux.
42% of businesses within western Europe believe they will be ready when the GDPR is enforced next year. However:
- Only 42% have appointed a data protection officer
- Less than 45% are able to report a data breach within 72 hours of discovery
- Just 44% have procedures in place to delete personal data in the event of an erasure request or if an individual objects to their data being processed.
The survey also discovered that in 70% of businesses it is the IT department that is taking responsibility for GDPR compliance. This responsibility fell to legal teams in 4% of businesses, and to board members or senior management in 13% of businesses.
The research also highlighted that IT decision-makers felt that a lack of awareness among key decision-makers was the reason for not having the necessary protocols in place, including those needed to report a breach within 72 hours of discovery, a key aspect of GDPR compliance.
However, 98% of organisations either have implemented or are in the process of implementing a formal plan for employees that will outline the data security policy and what is expected of them when they handle personal data. This shows that, despite other limitations, organisations are taking steps to raise awareness of data security within the workplace and take the matter seriously.
IT Governance has all of the resources you need to comply with the GDPR, including those for raising staff awareness.
Are your staff aware of the GDPR?
A key component of any organisation’s GDPR compliance framework is staff awareness and education. With the Regulation stipulating significant fines for non-compliance, it is essential that your staff have an understanding of the new Regulation’s requirements.
The GDPR Staff Awareness E-Learning Course is a quick, affordable and effective means of delivering training to multiple learners.