EU Data Protection

Europe meets today (June 24) in bid to ratify changes in data protection regulation – but survey shows 1 in 5 UK businesses are totally unaware.

Crown Records Management survey of IT decision makers reveals companies are woefully unprepared for EU General Data Protection Regulation.

European politicians meet today (June 24) in a bid to ratify huge changes in data protection regulation – but a survey has revealed UK businesses are woefully unprepared.

The EU General Data Protection Regulation aims to unify data protection across Europe with a single law and will be fine-tuned in Brussels at a ‘trilogue’ meeting of the EU Commission, European Parliament and the Council of the EU.

Once passed, it will bring with it huge fines (up to 100m Euros or two per cent of global turnover) for companies that breach the regulation – as well as a raft of new rules about collecting, editing and processing the personal data of European citizens. Many companies will also be compelled to employ at Data Protection Officer for the first time.

Experts predict it will affect every single company that operates from within the EU, does business with companies inside the EU, stores its data in EU member countries or handles the personal data of European citizens.

However a Crown Records Management Censuswide survey of IT decision makers at UK companies with more than 200 employees revealed businesses here are painfully unprepared – and one in five hasn't even heard of the Regulation.

Results include:

  • One fifth of decision makers (19.6 per cent) are totally unware of the changes
  • One third of decision makers aged 55+ (29.4 per cent) know nothing about the challenges ahead
  • A quarter of businesses (25.3 per cent) will wait for the final details of the Regulation before taking any action at all
  • Half of companies (52 per cent) who know about the Regulation still aren’t currently reviewing policies
  • Nearly half of decision makers in companies with a turnover of more than £500m (42.5 per cent) are ‘not really concerned’ or ‘not concerned at all’ about the impact of the new structure.
  •  Almost two-thirds (63 per cent) have not yet appointed a Data Protection Officer, which will soon become compulsory for many companies
  • Three-in-five (59 per cent) have no plans in place to train staff despite the changes looming