Lack of knowledge of GDPR puts UK firms at risk

Now that the EU General Data Protection Regulation (EU GDPR) has been formalised, businesses have two years to comply, or face fines and other consequences.

Following the announcement, security firm Trend Micro asked 100 IT decision makers whether they are aware of the new regulations, whether they know what needs to be done, and how to take those steps in order to comply.

According to the report, the companies are still unaware, with many not knowing the regulation came into law, and others not knowing what steps to take.

A fifth of IT decision makers (20 per cent) in the UK weren't aware of the formalised GDPR. Among SMEs (small and medium-sized enterprises), public sector, construction and engineering firms, the percentage goes up to almost 50 per cent.

More than half (55 per cent) know about the new regulations, but 8 per cent don't know what steps to take in order to comply. Almost a quarter (25 per cent) know they need to hire a data officer.

Moreover, 18 per cent don't know they might be fined if they don't comply, while 32 per cent know about the fines, but don't know how high they can go.

“As it often happens with regulation, it’s going to take a whipping boy to understand the gravity of the situation for most organisations,” says Rik Ferguson, Global VP of Security Research at Trend Micro. “One high-profile case of a company handing money over for non-compliance under GDPR will be the required wake-up call the rest of the industry needs to get their act together.”
