The European Commission has published additional guidance on the upcoming General Data Protection Regulation and how it is expected to affect businesses. The document aims to summarise the purpose and benefits of the GDPR, while also outlining steps that organisations need to take in preparation for the regulation and discussing the steps that the Commission plans to take in the coming months. The European Commission has also taken this opportunity to launch a new online tool to help businesses (particularly small and medium-sized enterprises) meet GDPR compliance in time for the May 25th deadline.
The new European Commission guidance, which can be viewed here, highlights the work that the Commission has done to help organisations, in both the public and private sector, prepare for the GDPR. The Commission has also set up a panel of experts to “accompany member states in their effort to prepare for the regulation”. The group has been facilitating the sharing of expertise and advice between member states and the European Commission, and has met 13 times to date.
Over the coming months, the European Commission will continue to invest in data protection authorities all over Europe, as well as making funding available to national authorities in order to reach out to businesses – in particular the SME sector.
Government Survey Shows Lack of GDPR Awareness Among Businesses and Charities
In other GDPR news, a recent cyber security survey has revealed a worrying lack of GDPR awareness among businesses and other organisations. Of the businesses surveyed, only 38% had even heard of the GDPR. Charities fared slightly better, with 44% of those surveyed stating that they were aware of the GDPR. With less than four months to go until the GDPR is in full effect, these figures paint a very troubling picture.
Some key findings:
– Only 36% of organisations that were aware of the GDPR had actually created or amended policies or procedures in preparation
– Just 21% of businesses and 10% of charities had provided any additional staff training (a key requirement of the GDPR)
– A shocking 6% of businesses and 12% of charities had installed, changed or updated their antivirus software to next-generation
As can be expected, GDPR-awareness was found to be higher in larger charities and businesses. In the private sector, it was revealed that the highest levels of GDPR-awareness were found in the finance and insurance industries (79%) and information and communications industries (67%), with the lowest rates of awareness among the construction (25%) and production and manufacturing industries (27%).
National data protection authorities have been keen to emphasise that fines for data breaches under the GDPR will be decided on a case-by-case basis – while the maximum fine is €20 million or 4% of global turnover, organisations that have made reasonable and well-documented attempts to improve their security and compliance will receive lower fines.
How Do I Prepare my Business for the GDPR?
For businesses who have not yet begun to prepare for the GDPR or who are not close to compliance, it is strongly advisable to get a robust framework in place as soon as possible, or they may face the larger fines come May 25th. Tech Guard offers an IT Essentials bundle to help you prepare for the technological aspect of the GDPR – contact us and see how we can assist your compliance!