New research by data destruction business, Shred-it has revealed that 84 per cent of UK small business owners (SBOs) and 43 per cent of senior executives of large companies are unaware of the forthcoming General Data Protection Regulation (GDPR) which will replace the current 1998 Data Protection Act on 25 May 2018.
Only 14 per cent of SBOs and 31 per cent of senior executives were able to correctly identify the fine associated with the new regulation, while more than half of SBOs (55 per cent) and approximately one third (31 per cent) of C-Suites said they do not monitor the frequency at which employees remove confidential information from the office.
The research also revealed 41 per cent of SBOs (an eight per cent increase from 2016) believe that the Government’s commitment to information security requires improvement.
As part of an overhaul of UK data protection laws, new proposals outlined by the government, will enable people to have more control over their personal data and be better protected in the digital age.
In a statement of intent the Government has committed to updating and strengthening data protection laws through a new Data Protection Bill which will also bring the European Union’s GDPR into UK law. It will provide everyone with the confidence that their data will be managed securely and safely, by including “tougher rules on consent, rights to access, rights to move and rights to delete data”.
The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines to those organisations in noncompliance, of up to £17 million or four per cent of global turnover, in cases of the most serious data breaches.
Neil Percy, Vice President of Market Development & Integration at waste disposal company, Stericycle, commented: “Governmental bodies such as the Information Commissioner’s Office (ICO) must take a leading role in supporting businesses to get GDPR ready, by helping them to understand the preparation needed and the urgency in acting now. The closer Government, information security experts and UK businesses work together, the better equipped organisations will find themselves in May 2018.
“From ensuring greater transparency around the use of personal information to implementing stricter internal data protection procedures such as staff training and internal processing audits, businesses must be aware of how the legislation will affect their company to ensure they are fully compliant.”