IT managers 'in the dark' on EU data rule
An alert that “applying and enforcing” a new EU data protection rule will be the framework’s big challenges seems premature, as four in five IT managers haven’t even a clue what it is.
Indicating that ‘educating’ will be the rule’s first major hurdle, a survey of 660 IT managers shows that 81 per cent are “unfamiliar” with the General Data Protection Regulation (GDPR).
But somehow just over half the IT managers know that the GDPR will impact their outfit, even though a larger proportion (61 per cent) admit no steps have been taken to comply with it.
“[They] still have a great deal of work to do”, reflected Kroll Ontrack, which ran the survey. “Any business holding personal data on EU residents…will have to abide by the new rules.”
At its simplest level, the GDPR aims to unify data protection laws to meet the challenges of the digital age and, in particular, to strengthen the protection of online personal data.
But it will also impose new obligations on ‘processors,’ which would include IT contractors handling data for a client. Also new is a ‘breach notification requirement,’ and penalties.
In fact, once GDPR passes into law, sanctions for non-compliance start at €250,000 (or 0.5% of annual worldwide turnover) and go up to €100,000,000 (or 5% of annual worldwide turnover).
The larger penalty is reserved for serious infractions of the rules, which require all firms handling EU residents’ data to delete personal information on request or when it is not required.
As a result, pointed out the survey’s partner Blancco, the upcoming framework encourages the use of auditable deletion procedures for outfits that control and process personal data.
Not helping firms is their own staff. In particular, more than a third of employees told Kroll that they download personal files, and 29 per cent install personal apps, on work devices.