Despite years of lengthy discussion of the EU General Data Protection Regulation (GDPR), 20% of IT decision makers in the UK are still unaware of its existence, according to research by Trend Micro.
The GDPR, which applies from 25 May 2018, covers all organisations that process personal data of individuals in the EU, including organisations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU.
Trend Micro’s research shows that, of the 100 IT decision-makers who were aware of the EU GDPR, 29% either did not know that the Regulation will apply to their organisation or were uncertain whether it will. Moreover, 21% of the respondents did not know when the Regulation will apply, or what steps they need to take.
Compliance with the new Regulation
Organisations failing to comply with the new Regulation can face fines of up to €20 million or 4% of their total worldwide annual turnover, whichever is higher, as well as serious reputational damage. The study reveals that only 18% of companies are currently aware of the fines they might face, and a further 32% know that there are fines but are unaware of what they are.
Overall, the research suggests that awareness of the GDPR and its impact is growing among companies, but there is still a lot of work to do to achieve compliance.
According to Rik Ferguson, Global VP of Security Research at Trend Micro, UK businesses lack motivation to comply with the GDPR. He said that “as it often happens with regulation, it’s going to take a whipping boy to understand the gravity of the situation for most organisations. One high-profile case of a company handing money over for non-compliance under GDPR will be the required wake-up call the rest of the industry needs to get their act together.”
Other findings in the research show:
- A quarter of organisations (26%) are now aware of how much time they have to become compliant with the GDPR.
- Just under a third of organisations (31%) think that they have 6 to 12 months to achieve compliance, and only 11% think they have much longer, i.e. two to three years.
- 55% of organisations know about the GDPR requirements.
A quarter of the respondents cited limited resources as the biggest barrier to complying with the GDPR. Other challenges organisations expect in complying with the GDPR include the lack of a formal process for clearly identifying data and its ownership, the lack of financial resources, and the lack of a formal process for notifying a security breach.
Identify privacy risks and comply with the EU GDPR
To help organisations train their staff, consolidate their knowledge of the EU GDPR and achieve compliance, IT Governance has launched a four-day preparation course. The course is designed specifically to enable delegates to fulfil the role of data protection officer (DPO) within an organisation.
Delegates with little or no knowledge of the EU General Data Protection Regulation can build a basic understanding of the GDPR by attending the Certified EU General Data Protection Foundation training course. This training course offers a solid introduction to the GDPR and provides a practical understanding of the implications and legal requirements of the Regulation.
Individuals looking to undertake both the Certified EU GDPR Foundation training course and Certified EU GDPR Practitioner training course can now take advantage of an exclusive offer of 15% off the combined course.