General Data Protection Regulation

Employees Are The Greatest Risk To GDPR Compliance

According to a new survey by leading IT services firm Bluesource, most UK firms see their employees as the top risk to compliance with the new European Union General Data Protection Regulation. The survey revealed that employees are rated as more of a risk than current IT systems.

The survey, which questioned senior IT executives from medium to large UK organisations, revealed that three fifths of them regarded employees as the biggest threat to compliance with the forthcoming European Union General Data Protection Regulation. However, just 40% of the IT executives questioned believed that their current IT systems could also pose compliance risks, with less than a year to go until the introduction of GDPR on May 25 2018.

The report also found that whilst 50% of those questioned are taking steps to prepare for the new European Union General Data Protection Regulation, worryingly 30% still believe the regulation will not affect them, and 20% are not sure what to do next. This confusion seems to be down to the UK leaving the EU, even though the UK data protection regulator, the Information Commissioner’s Office, has said time after time that UK businesses must comply with GDPR. Deputy Information Commissioner Rob Luke recently said:

“The moment at which GDPR takes effect in the UK on 25 May 2018 will, of course, mark a change. In delivering legislation fit for the digital age GDPR confers new rights and responsibilities, and organisations need to be working now to prepare for them,” he said.

Jonathan Bamford, head of parliamentary and government affairs at the ICO, reiterated this earlier this year at a Westminster eForum event in London. “The UK will still be in the EU when the GDPR comes into full effect and organisations will have to comply,” he said. Moreover, even if GDPR didn’t directly apply to the UK, it would still affect many UK businesses regardless of whether the UK was a member of the European Union, because it covers any organisation that processes the data of European citizens.

With just 10 months to go until the General Data Protection Regulation comes into force, a huge 80% of those polled said that they face major challenges in being ready on time. The challenges mentioned included increased security and governance around cloud environments such as Microsoft Office 365 and shadow IT.

Sean Hanford, information governance consultant at Bluesource, said the research across UK organisations indicates that a gap remains between GDPR awareness and action.

“There must be a swift attitude change towards data protection and staff clearly require better skills so that they become more data savvy,” he said.

