According to a new survey, most UK companies have not informed their workers of the upcoming European Union (EU) General Data Protection Regulation (GDPR).
It comes into force in the UK next year and will change the way that personal information is handled by companies. It will enforce strict fines on businesses that suffer data breaches, as well as impose restrictions on what companies are allowed to do with people’s data. It replaces the Data Protection Act of 1998.
The survey, by Netskope, revealed that some 70 per cent of workers said they had not been told about GDPR. By comparison, just three in ten of the 2,000 employees surveyed said they were aware of it, and one in five said they had been offered “plenty” of information about the changes.
A total of 63 per cent of those surveyed said they had never heard of the legislation, with 13 per cent saying they had a general understanding of it.
Speaking to ITPro.com, Netskope vice-president of the EMEA region André Stewart said: “Organisations have a lot of work to do in order to educate employees on the GDPR and the safe data handling behaviour needed to achieve compliance.
“Employers will need to show that they have trained their employees on the GDPR to achieve compliance. The amount of effort put into coaching employees on secure data handling is likely to be one of the questions regulators ask when deciding whether to penalise organisations.”
It means that cloud security has to become a real focus for enterprises, with the UK government planning to introduce equivalent legislation when the country leaves the EU. The fines for not protecting people’s information will be up to four per cent of a business’ annual turnover, or €20 million (£17 million), whichever is the larger sum.