With the rollout of GDPR in May 2018, businesses here, there and everywhere were galvanised into action, making sure that their processes and procedures where personal data and sensitive information are concerned were completely compliant.
Or so we all thought. New research has just revealed that 30 per cent of businesses in Europe admit they’re still not compliant with the new regulations – despite the fact that it’s been more than 12 months since the rollout.
The study, carried out by the European Business Awards on behalf of audit, tax and consulting brand RSM, found that despite fines being handed out over the last 12 months or so, just 57 per cent of companies feel confident that they’re following the rules.
That being said, GDPR is having a positive impact with regards to cyber security inside the EU. Some 73 per cent of businesses said the regulations have helped them improve how they manage customer data, with 62 per cent saying they have invested more in cyber security as a result.
With regards to the compliance gap, it seems there isn’t just one single issue as to why it exists. Middle market companies appear to be struggling to understand and implement numerous areas covered by GDPR: 38 per cent of the non-compliant companies admitted they fail to understand when consent is required to hold and process data.
What’s more, 35 per cent aren’t sure how to monitor employee use of personal data, and 24 per cent don’t know what procedures are necessary to make sure that third party supplier contracts comply.
“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year. Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders. Many organisations simply gave up and reverted back to the old way of doing things.
“But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement. Businesses are scrambling to catch up once again,” said Steven Snaith, who works in technology risk assurance at RSM UK.
He went on to add that in order to ensure compliance with GDPR, businesses need to note that it’s more far-reaching than policies, procedures and training: it’s essential that technological controls are robust enough to prevent leakage of, and unauthorised access to, personal data.
The Information Commissioner’s Office has just announced its intention to fine British Airways £183.39 million for breaches of data protection law, relating to a cyber incident notified to the ICO in September last year. An investigation found that customer information, including login, payment card and travel booking details, was compromised because of poor security arrangements at the company.
As you can see, you could run the risk of a serious fine if you’re not careful – so do make sure you’re fully compliant or perhaps live to regret it.
For help with IT support in Doncaster, get in touch with us today.