Trend Micro’s recently published survey has revealed a worrying lack of recognition that GDPR will seriously impact UK business if left unmanaged. The results show a lax attitude towards the severity of what is around the corner if data protection is not diligently overseen for compliance, to ensure that employees, directors and decision makers all use data correctly. The survey found the following:
• Senior execs shunned GDPR responsibility in 57% of businesses.
• Only 21% of businesses surveyed currently have a senior executive involved in the GDPR process.
• 66% were dismissive about the amount they could be fined.
• 42% of businesses do not know that email marketing databases contain PII.
• In an example given, businesses were very uncertain as to who was accountable for the loss of EU data by a US service provider, with only 14% correctly identifying that it is the responsibility of both parties.
• Businesses were broadly found to lack the expertise to combat threats:
  ◦ Only 34% have implemented advanced capabilities to detect intruders.
  ◦ Only 33% have invested in data leak prevention.
  ◦ Only 31% have employed encryption technologies.
JP Norman, Amicus ITS Director of Technology, Security & Governance, urged a proactive response without delay for anyone not already taking steps. “Any organisation that does not recognise the importance of GDPR compliance and data protection responsibility needs to wake up fast. A data breach after next May will no longer result in the organisation facing a slap on the wrist, some reputational damage and a manageable fine. We have worked closely with the ICO and recommend their 12-step guide as a starting point for review. Whatever challenges businesses think we may face through Brexit, GDPR has the potential to wipe businesses off the map entirely. For the public sector, where the purse is controlled by Government and ringfenced locally, this will become even more damaging – personally, financially and politically. However, whereas the cap is currently £500,000 till May 2018, this corporate penalty will rise to up to 4% of global turnover or a €20 million fine plus the potential of criminal prosecution thereafter. I would urge all organisations who have not begun their information audit to start now”.