There is an alarming lack of awareness across all industries about the EU General Data Protection Regulation (GDPR), according to a government survey. Almost two thirds (62%) of respondents hadn’t heard of the Regulation, and only about 10% had taken steps to meet its compliance requirements.
The survey split respondents into businesses and charities. Among those that have started to prepare:
- 36% of businesses and charities have changed their cyber security practices;
- 21% of businesses and 10% of charities have invested in additional staff training; and
- 6% of businesses and 12% of charities have installed, changed or updated antivirus or anti-malware software.
Larger organisations more prepared
As you would expect, larger organisations were more likely to be aware of the GDPR. Of organisations with 250 or more employees, 80% of businesses and 75% of charities had heard of the GDPR.
In contrast, awareness among small and medium-sized organisations ranged from 49% to 66% for businesses and from 47% to 53% for charities.
The finance and insurance (79%), information or communications (67%) and education (52%) sectors have the highest awareness of the GDPR. The finance and insurance sector is also the most likely to have put in place measures to comply with the GDPR, with 54% having done so.
The construction (25%) and production and manufacturing (27%) sectors are among the least aware of the GDPR. However, the least prepared sector is retail and wholesale, with only 13% of organisations having started.
Preparing for the GDPR
Although it’s good to see many organisations adjusting their policies and procedures to meet the GDPR’s requirements, the lack of attention paid to staff awareness is concerning. If employees aren’t shown how to follow the policies and procedures – or if they don’t know that they even exist – how are they expected to comply with them?
Your staff handle personal data daily, so your compliance ultimately rests on their ability to keep data accurate and secure, and to respond correctly when that’s not the case.
It can be daunting to teach employees everything they need to know about the GDPR. Fortunately, IT Governance provides a variety of tools and services to help you achieve and maintain GDPR compliance.
We currently offer two books on the Regulation – a pocket guide and an implementation and compliance guide – which cover everything you need to know. You can demonstrate your organisation’s commitment to compliance by personalising these guides with your own company logo, thanks to the Branded Publishing Service.
This service adds credibility and gravitas to your staff awareness programme and increases your portfolio of materials. Books can be branded with your company logo and a bespoke foreword, and can also be customised to your company branding guidelines.
You might also be interested in our GDPR Staff Awareness E-learning Course. This online course provides an introduction to the GDPR, outlines the six principles for collecting and processing personal data and advises employees on how to apply these principles.