UK businesses fail to prepare for upcoming changes to EU data laws

UK businesses are unprepared for next year's changes to EU data protection laws, a survey has found.

The study - carried out on 850 senior IT decision makers across Europe on behalf of security firm Trend Micro - found that half of the 250 UK respondents were unaware of the impending legislation changes to the EU Data Protection Regulation.

Perhaps more alarmingly, only 10 percent said they fully understand the steps their organisation needs to take in order to ensure compliance.

UK responses contrasted sharply with Germany, where 87 percent of the 100 IT decision makers surveyed said they were aware of the upcoming legislation changes.

The EU Data Protection Regulation is a set of legislation that aims to comprehensively reform data protection, strengthen online privacy rights and boost Europe's digital economy. The introduction of the new legislation means that businesses will only have to deal with one supervisory authority rather than different ones in different member states.

The regulation states that EU citizens have the right to be forgotten, which means that unless there is a legitimate reason for preserving it, a company will have to delete an individual's data. The regulation has a number of other components, including making it easier for citizens to access their data.

If the regulations are broken, fines as high as €100 million (£82.4 million), or 5 percent of a non-compliant business's global turnover, whichever is greater, can be issued.

A quarter of British businesses said they had no idea fines were going to be issued if the regulations were breached, compared to 95 percent of German respondents.

James Walker, a security adviser at Trend Micro, said: "The government needs to ensure that our businesses are ready. They need to be creating advisory groups to help business understand what the regulation means and what technology and processes need to be in place."

Of the British respondents, 85 percent said they believe their organisation faces significant challenges in order to meet the demands of the new legislation, while 25 percent said they don't realistically think businesses will be able to adhere to it.

They cited a lack of employee awareness and restricted resources as the main barriers that will prevent British businesses from adhering to the new legislation.

"With ratification expected in 2014, it's alarming to see how little is known about such key privacy regulations," added Rik Ferguson, VP security research at Trend Micro. "This affects every organisation, regardless of size. If a company processes data then it needs to be aware.

"As companies look to gain maximum value from a new generation of big data projects, data privacy should be a board level discussion. This is not just an IT issue, duty to comply falls to everyone from receptionist right up to the CEO."

In order to try and ensure their businesses comply with the new regulations, 57 percent of IT decision makers said they plan to increase employee training on data protection, while 51 percent said they plan to increase investment in IT security.

This story, "UK businesses fail to prepare for upcoming changes to EU data laws" was originally published by Techworld.com.
