New research from Kroll Ontrack, and Blancco shows that many businesses across Europe are unsure about the changes due in the new EU General Data Protection Regulation (GDPR) legislation.
While the GDPR legislation is still some way off – it probably won’t get full ratification and powers until 2016 – the level of knowledge amongst IT Directors is low. More than four out of five (81%) IT directors are unfamiliar with the legislation.
In essence the new GDPR is there to update and harmonise the data protection rules across the 28 EU member states and brings in new laws on disclosure and new fines. The original data protection legislation dates back to the early ‘90s and takes no account of the rise of the internet and the use of harvesting and using consumer data in ecommerce and the cloud.
The new laws will require businesses to report data breaches within 24 hours or face significant fines, and are at risk of large scale reputational damage. Data breach sanctions will range from €250,000 or 0.5% of annual worldwide turnover for less serious breaches, up to €100,000,000 or 5% of annual worldwide turnover for more serious infractions.
When enacted into law, it will require all businesses handling EU residents’ data to delete personal information on request or when it is no longer required by the organisation and encourage the use of auditable deletion procedures for companies processing personal data.
According to the research, three out of five (61%) IT managers said that their organisations have not taken measures to achieve compliance with the pending regulation, with more than half (55%) failing to review and adapt data destruction policies. A further quarter (25%) admitted to not having a process in place to deal with data destruction.
Paul Le Messurier, Programme and Operations Manager at Kroll Ontrack commenting on the legislation said “Organisations still have a great deal of work to do to ensure they comply with the data protection guidelines of the new GDPR regulation. Any business holding personal data on EU residents, be it online or offline, will have to abide by the new rules.”