With 54 percent of U.S. companies citing GDPR readiness as a top priority, this lack of understanding among the average U.S. employee could prove costly. Fines for GDPR non-compliance could total up to 4 percent of an organization’s annual global turnover or $27 million U.S. dollars, whichever is greater. The GDPR, which any organization worldwide must comply with if it handles the personal data of EU citizens, goes into effect May 25 this year.
- Fifty-nine percent of respondents said the GDPR was “completely new” to them.
- Eight percent of respondents said they were unsure if they should report a cybercriminal stealing sensitive client data while at work.
- Finance sector employees did not consider tax information any more sensitive than respondents from the six other industries in the survey, including education and healthcare, did.
- Respondents in the technology sector demonstrated the least ability to correctly identify scenarios that could put private data at risk, such as reportable privacy incidents.
“Companies could be doing a better job educating their employees about how to handle sensitive data. It’s time to stop playing with fire when it comes to data privacy – before it’s too late,” said Steve Conrad, MediaPro’s managing director.
Other concerning results, including the lack of awareness employees have about privacy regulations and handling sensitive data in their personal and professional lives, underscore the need for a culture change around how sensitive data is considered and handled.
“With Data Privacy Day right around the corner and GDPR just months away, now is an ideal time for organizations that haven’t taken data privacy seriously to begin to do so,” said Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance. “Data privacy is everyone’s responsibility, and organizations can prepare their employees to protect against threats through year-round privacy awareness training programs that address privacy concerns at the root of employee culture.”
For more information on the regulation, check out the GDPR full text.