66% have not heard about GDPR legislation

Data protection

Two-thirds (66%) of respondents have no knowledge of General Data Protection Regulation (GDPR) legislation and have no plans in place to prepare to comply with the upcoming legislation, according to research by DocsCorp.

Its survey of 200 UK small and medium-sized enterprise (SME) employers also found that 30% of respondents did not have an awareness of metadata, which is a set of data that describes and gives information about other data sets. Under GDPR legislation, employers will have increased responsibility for handling metadata.

The research also found:

  • 47% of respondents handle sensitive information, such as names, addresses and bank details, that might be transferred between computers using metadata and would therefore need to comply with the new data handling legislation.
  • 67% of respondents working in the finance sector do not have an awareness of metadata.
  • 100% of respondents who work in the legal sector know what metadata is and already have systems in place to manage it. This compares to 50% of respondents from the public and government sector, and 43% of respondents based at life sciences organisations.
  • 58% of respondents provide their employees with remote-working opportunities, which may mean they are under increased pressure to ensure the safe transfer of data.

Ben Mitchell, vice president at DocsCorp Europe, Middle East and Africa, said: “There are a number of important steps that businesses should take before the May 2018 deadline. Firstly, evaluate all internal operations that involve the handling of secure data. Identify any areas that might present the risk of a data breach, and design processes to minimise that risk. Train employees where necessary, and implement smart systems and software to ensure security.

“Finally, understand the processes for reporting any breach to the proper [European Union] authorities, because failure to report may escalate sanctions, penalties and fines, which can be up to €20,000,000, or 4% of [the] organisation’s global turnover, whichever is higher.”