The proposed EU General Data Protection Regulation could spell trouble for UK businesses, says independent IT integrator SecureData, as its “EU General Data Protection Regulation – UK Enterprise Inquiry” reveals wide-ranging concerns about the legislation and possible “collateral damage” to UK businesses.
During the inquiry, SecureData commissioned a Vanson Bourne survey of 100 senior IT managers in large UK enterprises (more than 1,000 employees) across the financial services, manufacturing, retail, distribution/transport and other commercial sectors.
Results showed that a high proportion of senior IT managers (94 per cent) have some level of responsibility regarding compliance.
Key findings include:
- 72 per cent of respondents from the largest businesses (3,000 employees+) said the draft data protection rules would cost their business more
- Limited agreement (64 per cent and 58 per cent) that the proposed regulations would improve business security processes and consumer data protection
- 40 per cent think the proposed 24-hour deadline for notifying individuals of a data breach would advertise security weaknesses before an appropriate security review could be completed
- 36 per cent fear “false alarms” from pressures to notify of data breaches quickly to avoid fines
- 26 per cent envisage their enterprise outsourcing the new data protection officer job role requirement
One of the controversial proposed requirements promises internet users the “right to be forgotten”, which would allow people to ask for data about them to be deleted. Organizations will have to comply unless there are “legitimate” grounds to retain it.
Carl Shallow, head of compliance at SecureData, comments: “Consumers may have a right to be forgotten, but hard-working growth businesses have a right to be remembered. The new internet economy is vital to Europe’s economic recovery and the need for increased data protection must be finely balanced with freedoms for technological and business model innovation. Fears over unintended collateral damage from this legislation clearly need to be reviewed.
“Across the enterprise questions must be asked about exactly what is sensitive data and where does it reside. There is frequently an abundance of ‘lost’ unstructured data siloed across the largest organisations’ IT estates. The new act is an ideal opportunity to review data governance procedures and management solutions.”