Only half of IT decision makers in the UK know about the coming EU Data Protection Regulation, according to a recent survey. By contrast, in Germany 87% are aware of it. The research was conducted by security software company Trend Micro and included 850 senior IT decision makers from various European countries.
The UK respondents numbered 250, and just 10% said they knew and understood what measures their organisation needs to implement to ensure compliance. More than eight in 10 thought compliance with the data protection regulation was a considerable challenge, and a quarter said they considered observing the regulation unrealistic. Lack of awareness among employees and restricted resources were cited as the biggest hindrances.
The proposed regulation's goal is to comprehensively reform data protection, boost online privacy rights and support the growth of Europe's digital economy.
In cases of non-compliance, fines will be imposed that could reach €100 million. Almost a quarter of the UK respondents were not aware of the proposed fines.
The new EU Data Protection Regulation is expected to be ratified this year and may catch IT decision makers in the UK unprepared. According to Rik Ferguson, vice president of Security Research at Trend Micro, data privacy ought to be a board-level discussion. He also said that it's everyone's job in an organisation to make sure compliance is achieved.
Ferguson added that it is alarming that businesses know so little about key privacy regulations, as they affect all companies that process data, be they large or small.
He advised businesses to start by assessing where their organisation currently is with regard to what data it stores, how that data is processed and what policies govern it. Then they will be able to identify weak spots and work towards strengthening them, so they can move up the compliance scale.