Two thirds of UK SMEs not ready for GDPR
The European Union’s new data protection legislation will apply not only to organisations in all EU member states, but also non-EU organisations that trade with EU ones.
A massive two thirds of small-to-medium business owners in the UK have either never heard of, or have no plans in place to tackle, the European Union’s new data protection legislation.
The General Data Protection Regulation (GDPR) will apply not only to organisations in all EU member states, but also non-EU organisations that trade with EU ones.
It is intended to provide a single set of unified rules for handling data protection across Europe and comes into force in May 2018. Failure to comply could lead to fines of up to €20 million (US$24 million) or 4% of an organisation’s turnover, whichever is higher.
But despite their lack of readiness to deal with GDPR, a survey undertaken by document management system provider DocsCorp revealed that 47% of UK employers regularly handled sensitive information such as names, addresses and bank details, which could be transferred between computers in different geographic locations using metadata. Such a scenario would mean they were required to comply with the new law.
Worryingly, however, just under a third did not know what metadata was or why it was important, a figure that rose to just over two-thirds in the financial services sector, half in the public sector and government and 43% in life sciences.
Ben Mitchell, vice president of DocsCorp Europe, the Middle East and Africa, warned that it was vital for organisations to start evaluating all internal operations that handle secure data to identify areas that could be at risk of a data breach.
“Design processes to minimise that risk. Train employees where necessary, and implement smart systems and software to ensure security,” he said. “Finally, understand the processes for reporting any breach to the proper EU authorities as failure to report may escalate sanctions, penalties and fines.”