A new study has revealed a worrying number of UK decision makers believe that the new European Union General Data Protection Regulations are “not relevant” to them.
The survey was carried out by NTT Security, one of the world’s leading information and risk management companies that work across the world with global companies, government agencies and fast-growing, market-leading organisations to provide a consistent approach to practical security solutions. The survey questioned 1350 non-IT executives across 11 countries.
Worryingly, the results indicated that just 39% of UK respondents thought that the new European Union General Data Protection Regulations would apply to them, the lowest of all of the European countries surveyed, which included France, Sweden, Switzerland, Norway and Germany. A further 20% in the UK said that they simply did not know, which suggests many are in denial of their future obligations under GDPR.
This could prove to be costly as failure to comply with the new regulations could see organisations face fines of up to €20 million or 4 per cent of global annual turnover, whichever is higher.
“In theory, UK organisations should be well ahead of the curve when it comes to the EU GDPR, given that it is a European data protection initiative,” comments Linda McCormack, Vice President UK & Ireland at NTT Security. “You would hope that the date of 25 May 2018 is clearly marked in the calendars of any business, UK or otherwise, that collects or retains personally identifiable data from any individual in Europe. And Brexit is no excuse, as UK companies will still need to comply when dealing with countries in the EU. What’s clear from our report is that a significant number do not yet have it on their radar or simply do not know if it applies to them. The fact they do not know means there is no plan of action in place.”
“While our respondents are not in an IT function, they should still be aware of any new compliance regulations affecting their company’s security and data, especially as the implications of non-compliance are very serious. The problem is that many see it as a costly and time-consuming exercise that delivers little or no value to the business, yet without it, they could find themselves losing customers, or having to pay very large regulatory fines.”
The news does not come as much of a surprise, as several recent studies of attitudes to the forthcoming European Union General Data Protection Regulations have all had worrying findings. Consult Hyperion’s recent study found that companies and other organisations across Europe are significantly underestimating the impact of the new European Union General Data Protection Regulations. Studies by both Nexsan, the leading cloud service provider, and Hamlins LLP, the leading law firm, also found that organisations in the UK are significantly underestimating the effects of the new European Union General Data Protection Regulations.