Half of employees not aware of their company's GDPR preparations
With GDPR coming into force at the end of this week, new research from Egress Software Technologies found over half of respondents were in the dark about what their company was doing to prepare for the legislation.
Only 43 percent of the 1,000 respondents were aware of preparations, there is also a lack of awareness surrounding personal data in general. One in 10 are unaware they are handling personal data in their day-to-day jobs and 57 percent are unable to correctly identify when it would need to be protected.
When presented with categories of personal data -- such as addresses, phone numbers and email addresses, dates of birth, and financial information -- and asked which information they would need to protect in an email attachment, only 43 percent correctly identified that all of the data would need to be protected. What’s more, 20 percent outright admitted that they didn’t know if any of it would need to be secured.
This is concerning in the light of last week's ICO report showing that emailing personal data to the incorrect recipient was the most common data security breach in the UK between January-March this year.
Tony Pepper, CEO of Egress says:
Over the past two years, GDPR has been effective in pushing data protection up the boardroom agenda, and technology and compliance teams have been working overtime to make sure their organizations are ready. However, data security doesn't stop at their office doors.
This survey shows over 50 percent of staff do not have a clear understanding of what their company is doing to prepare for GDPR, despite three-quarters of staff handling personal information on a daily basis. Combined with the ICO's findings last week that human error accounted for the top five most common security incidents last quarter, this suggests a worrying disconnect between what organizations have agreed at a corporate level versus the communication and education of employees who will need to act out these changes. With GDPR only days away, organizations have a huge amount of work left to do if they are to ensure their staff don't unwittingly put their businesses at risk.
Among other worrying findings are that 20 percent of people admit to using personal apps or web services to share company documents. Personal email is the most common with 12 percent of respondents choosing it as one way to quickly share documents, while other answers included social media (seven percent), messaging apps (seven percent) and personal cloud (three percent). In addition just 49 percent feel that their company is doing enough to protect personal data in light of recent breaches.
You can find out more about preparing for GDPR on the Egress website.