UK businesses fail to prepare for upcoming changes to EU data laws

Only half of UK firms are aware of the shake-up, survey finds

UK businesses are unprepared for next year's changes to EU data protection laws, a survey has found.

The study - carried out on 850 senior IT decision makers across Europe on behalf of security firm Trend Micro - found that half of the 250 UK respondents were unaware of the impending legislation changes to the EU Data Protection Regulation.

Perhaps more alarmingly, only 10 percent said they fully understand the steps their organisation needs to take in order to ensure compliance.

UK responses contrasted sharply with Germany, where 87 percent of the 100 IT decision makers surveyed said they were aware of the upcoming legislation changes.

The EU Data Protection Regulation is a set of legislation that aims to comprehensively reform data protection, strengthen online privacy rights and boost Europe's digital economy. The introduction of the new legislation means that businesses will only have to deal with one supervisory authority rather than different ones in different member states.

The regulation states that EU citizens have the right to be forgotten, which means that unless there is a legitimate reason for preserving it, a company will have to delete an individual's data. The regulation has a number of other components, including making it easier for citizens to access their data.

If the regulations are broken, fines as high as €100 million (£82.4 million), or 5 percent of a non-compliant business's global turnover, whichever is greater, can be issued.

A quarter of British businesses said they had no idea fines were going to be issued if the regulations were breached, compared to 95 percent of German respondents.

James Walker, a security adviser at Trend Micro, said: "The government needs to ensure that our businesses are ready. They need to be creating advisory groups to help business understand what the regulation means and what technology and processes need to be in place."

Of the British respondents, 85 percent said they believe their organisation faces significant challenges in order to meet the demands of the new legislation, while 25 percent said they don't realistically think businesses will be able to adhere to it.

They cited a lack of employee awareness and restricted resources as the main barriers that will prevent British businesses from adhering to the new legislation.

"With ratification expected in 2014, it's alarming to see how little is known about such key privacy regulations," added Rik Ferguson, VP security research at Trend Micro. "This affects every organisation, regardless of size. If a company processes data then it needs to be aware.

"As companies look to gain maximum value from a new generation of big data projects, data privacy should be a board level discussion. This is not just an IT issue, duty to comply falls to everyone from receptionist right up to the CEO."

In order to try and ensure their businesses comply with the new regulations, 57 percent of IT decision makers said they plan to increase employee training on data protection, while 51 percent said they plan to increase investment in IT security.

Stories by Sam Shead