With less than two months remaining until the European Union's General Data Protection Regulation (GDPR) goes into effect, research from MediaPro shows more than half of U.S.-based employees have never heard of the forthcoming regulation. With 54 percent of U.S. companies citing GDPR readiness as a top priority, this lack of understanding among the average U.S. employee could prove costly.
Fines for GDPR noncompliance could total up to four percent of an organization's annual global turnover or $27 million (U.S.), whichever is greater. The GDPR, with which any organization worldwide must comply if it handles the personal data of EU citizens, goes into effect May 25, 2018.
The GDPR addresses data privacy and applies to all companies processing the personal data of individuals (employees, customers, suppliers) residing in the European Union (EU), regardless of the company’s location. It specifies how businesses should treat the data they collect, store, process, and destroy and what types of notifications and consents need to take place.
More information about this sweeping regulation can be found here, along with FAQs for businesses.
When it comes to data privacy knowledge or best practices, it appears there is still a lot of education to do. MediaPro's 2018 Eye on Privacy Report, a survey of more than 1,000 U.S. residents, identified that many do not know when to report potential privacy incidents, what qualifies as sensitive data, and how often they grant access to third-party applications on phones or mobile devices.
Other findings of the report included:
- Fifty-nine percent of respondents said the GDPR was "completely new" to them.
- Eight percent of respondents said they were unsure if they should report a cybercriminal stealing sensitive client data while at work.
- Finance sector employees did not consider tax information any more sensitive than did respondents from the six other industries included in the survey, including education and healthcare.
- Respondents in the technology sector demonstrated the least ability to correctly identify scenarios that could put private data at risk, such as reportable privacy incidents.
Other concerning results, including employees' lack of awareness about privacy regulations and about handling sensitive data in their personal and professional lives, underscore the need for a culture change around the way sensitive data is considered and handled.
Source: CCH/Wolters Kluwer; www.eugdpr.org