British businesses are significantly less prepared for GDPR than their European counterparts, and are four times more likely to have allocated no budget to GDPR compliance than colleagues in France, Spain and even the US.
So says a study by Blancco Technology Group, which also found that UK firms are the least likely to have performed a data protection gap analysis in the past 12 months – and are the least likely to arrange one before 2018.
Among the other worrying findings is the fact that the majority of UK tech professionals rely on insecure and unreliable data removal methods, such as basic deletion and free wiping software.
The decision to leave the European Union was also found to be contributing to low levels of knowledge in the UK, as a quarter (25%) of UK tech professionals feel that their staff have trouble understanding the legal requirements of GDPR.
“The first priority for all companies should be to gain a complete picture of all data that is collected, stored or processed that contains EU citizen information,” said Richard Stiennon, chief strategy officer at Blancco Technology Group.
“After that, companies must ensure that adequate means of protecting that data have been implemented, such as access being restricted to authorised personnel, proper authentication being used and proper procedures for backing up and archiving data and data sanitisation policies being implemented to remove data when it is no longer needed or requested by customers. In addition, any third parties that have access to the data must be evaluated to ensure they too have adequate controls in place.”