Although the EU General Data Protection Regulation (GDPR) affects any organisation that processes EU residents’ personal data, and although the UK is – for now – a member of the EU, an NTT Security survey has found that 61% of UK organisations don’t know that the Regulation applies to them.
The 2017 Risk:Value report polled 1,350 non-IT business decision makers across 11 countries.
The NTT Security survey found that, despite their lack of awareness of the GDPR, UK organisations report that they do a good job of informing their staff of their data protection obligations. The UK led all surveyed countries in terms of employees confirming that their organisation had an information security policy (72%).
Of those organisations with a formal policy, 79% of companies across the globe said they had actively communicated it to all staff. The UK (83%) was well above average, as were the US (84%) and Germany/Austria (85%). In total, 60% of all UK organisations have a policy and have communicated it to their staff.
Still, if organisations are ignoring their responsibility to comply with the GDPR, it doesn’t matter if they have a policy or not. Any company that fails to address the much stricter requirements of the Regulation could face significant penalties. Failure to comply is punishable with fines of up to €20 million (about £17.5 million) or 4% of annual global turnover – whichever is greater.
Given that many UK organisations process the personal data of residents in other EU countries, the GDPR will still have a big influence in the UK after Brexit. By that same reasoning, the Regulation will affect many organisations in countries outside the EU. But according to NTT Security, non-EU countries are even less aware of their obligations. Among surveyed countries, the US was the least informed (25%), followed by Australia (26%), Hong Kong (29%) and Singapore (33%).
Educate your staff
With less than a year until the GDPR takes effect, you need to make sure everyone in your organisation knows about the Regulation and how it will affect them. Our GDPR Staff Awareness E-learning Course defines the scope of the Regulation, introduces the principles for collecting and processing personal information, and shows you how your organisation can achieve compliance.
Those who are already involved in data protection or wish to enter the field might want to consider our specialised GDPR training courses. We offer a Certified EU General Data Protection Regulation Foundation (GDPR) Training Course and a Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course.
You can book these courses together in our combination course and receive a 20% discount.