With the General Data Protection Regulations (GDPR) looming, it seems that British businesses may have a long way to go when it comes to straightening up to comply with the new European regulations.
They come in to force in May next year – the clock is ticking!
It appears that firms in Britain may reportedly have a culture of keeping data breaches a secret and not reporting them; perhaps for fear of repercussions or simply because they don’t know what to do. But such behaviour simply will not do…
About the research
Censuswide created the Crown Records Management Survey and polled 408 IT managers in companies across the country for firms containing 100 to 1,000 employees. According to the findings, a staggering one-third of the IT managers questioned admitted to failing to disclose a data breach.
The poll doesn’t identify what the exact reasons for keeping quiet are, but the practice is unquestionably dangerous.
Data breaches are gaining more recognition in the news for the serious implications they can cause for consumers, patients, the government and other businesses. The GDPR are set to force data protection to be taken much more seriously with stronger protections and even stronger powers given to authorities to punish offenders. A culture of secrecy will not be tolerated – British businesses will need to overhaul their data breach reporting policies to ensure they follow the rules or face huge fines.
Other worrying statistics from the poll
Here are some other worrying statistics from Censuswide’s poll:
- 32% know a colleague who has not reported a data breach
- 31% have delayed reporting a data breach to senior management and appropriate authorities
- 29% chose not to report a data breach to senior management and the authorities
- 27% know a colleague from their previous company who has not reported a data breach
- 14% don’t know who/where to report a data breach
- 8% don’t even know what counts as a data breach
Worrying results
These statistics paint a concerning picture for British businesses with potential data breaches being swept under the carpet. The widespread lack of awareness and reporting of data breaches shows that companies are not doing enough to educate their employees about data protection and what should be done about it.
British companies would do well to make changes far in advance of May 2018 when the GDPR kicks in. The new laws will arm regulators with the power to fine firms up to 20 million Euros or 4% of total global turnover; whichever is the largest. New rules will also include the requirement to report a data breach within 72 hours.
Are there variances across sectors?
The poll also looked at whether the practices in data breaches reported varied across different sectors. They found some alarming results:
- The finance sector had the highest statistic for knowing a colleague who had not reported a data breach, coming in at 43%
- The retail sector also seems to be lacking in awareness and understanding as 20% did not know who to report a data breach to, and 17% didn’t even know what constitutes as one
An unsustainable approach
Businesses need to recognise how important data protection is and take appropriate action in implementing measures within their organisation as soon as possible. Data breaches are on the rise and businesses who neglect their cybersecurity and damage control may not last long.
The British government, regardless of bickering over Brexit, acknowledge the importance of data protection and have said they will be enforcing the GDPR to ensure businesses are looking after their consumer’s personal data and have the protections and safeguards to limit any damage should a data breach occur. As such, leaving the EU will not stop these new regulations coming in to force, meaning the current state of play remains an unsustainable approach.
Businesses must shape up or face the consequences!