- Security TWENTY Home
- Women in Security Awards
With less than nine months to go before the General Data Protection Regulation (GDPR) become enforceable in the European Union (EU), there’s an inconsistency of readiness levels across IT decision makers in Europe, according to an It security product company.
Despite its 2016 vote to leave the EU, the UK will still fully comply with the GDPR. It joins France, Germany, Italy, Spain and the Netherlands in demonstrating much higher levels of readiness compared to their counterparts in Belgium, Portugal, Denmark and Norway, says Kaspersky Lab.
When it comes to being aware of the GDPR, due to come into force in May 2018, Belgian IT professionals showed the least awareness by a fair way – despite the law being passed in their capital. Considering the potential financial penalties of non-compliance (up to 4 per cent of an organisation’s global turnover), a third (32 per cent) stated they had no awareness other than hearing the name and 16 per cent admitted they had no awareness at all.
This response was in contrast to the UK, where half (49 per cent) of respondents felt they have a good knowledge of the GDPR, closely followed by France (47 per cent), Germany (46 per cent) and Italy (46 per cent). This is certainly positive news for consumers, who are now paying more attention to how businesses handle their personal data.
That low awareness displayed by Belgian employees also translates into a lack of confidence in the ability to comply with GDPR, with 29 per cent of IT professionals in Belgium believing their organisation will not be fully compliant by the deadline, compared to only 13 per cent in Italy and 18 per cent in Spain. In addition, a third (33 per cent) of IT decision makers in Belgium and 46 per cent of those in Norway admitted they are not confident that those responsible for handling personal data in their organisations are aware that existing laws are changing.
The outlook is more positive for the EU “big five,” which are leading the way in terms of preparation. Four out of five of those questioned in the UK (82 per cent), France (82 per cent), Germany (84 per cent), Italy (85 per cent) and Spain (84 per cent) stated that preparations are well underway. However, 29 per cent of IT professionals in Denmark have made little or no preparations, closely followed by Portugal (26 per cent), Norway (25 per cent) and Belgium (18 per cent).
One in five (19 per cent) Belgian IT professionals are also unsure if preparations within their company have even started – a serious concern given that businesses have less than a year to become compliant, or face the risk of hefty financial penalties and reputational damage.
Adam Maskatiya, General Manager, UK and Ireland said: “The lack of awareness and action towards the GDPR by the IT profession across pockets of Europe is worrying. Many businesses are putting themselves and their clients at risk by not making vital preparations and changes now to the way personal information is harvested and secured. Many of the businesses affected by the legislation will have operations across Europe so the preparation gap is particularly alarming as such businesses should be sharing information about compliance across their business and have a clear point of responsibility within their company.
“The deadline is the same for every company no matter their size, industry or location, so action needs to be taken now to get data handling practices up to scratch before the wrath of the regulators makes the impact of GDPR a bitter pill to swallow, rather than a good thing for the data health of an organisation.”
About the research
It questioned over 2,000 IT decision makers in organisations with more than 50 employees; in 11 European countries – the UK, France, Germany, Italy, Spain, Belgium, Netherlands, Portugal, Sweden, Denmark and Norway. Go to: https://www.kaspersky.co.uk/gdpr.