Sunbury-on-Thames, UK – Despite the deadline for compliance with the EU’s General Data Protection Regulation (GDPR) having now passed, only 37% of UK respondents are very confident their company has fully adhered to new legislation which imposes strict new rules on the handling of customer personal data. That’s according to a survey conducted by Kingston Digital, Inc., during the week following the May 25 cutoff date when the rules came into force.
The survey of 500 UK nationally representative respondents found only 61% were aware of IT policy changes to ensure GDPR compliance, while 31% did not feel personally responsible for helping meet compliance standards at their company.
22% of respondents reported that their company has decided against implementing rules that would restrict the use of insecure USB data storage devices in the workplace, with another 13% reporting their company has introduced a blanket ban on all removable storage. Over half of respondents were unaware of removable storage products with enhanced data security functions, such as the ability to secure and remotely remove content if devices are lost.
“This survey is alarming news for some businesses, who haven’t done enough to meet the requirements of GDPR, even though the legislation has already come into force,” said Valentina Vitolo, EMEA Flash Business Manager at Kingston Technology. “What’s more, a third of respondents felt disengaged from the process of their company’s GDPR compliance process – which shows some firms are taking a big risk by not educating their team members properly on the required changes to business practices in order to ensure data does not end up in the wrong place.”
“For example, by leaving sensitive information on unencrypted devices, which may be lost or stolen, a firm runs the risk of facing penalties imposed by the Information Commissioner’s Office to enforce the regulations, which can include heavy administrative fines.”
“Transitioning to encrypted storage devices can help companies continue to operate in much the same way they did before GDPR came into effect, without the fear that personal data may end up in the wrong hands, or the need to impose restrictions on the use of portable storage, which could have a very negative effect on business efficiency.”
“The far-reaching consequences of GDPR affects every company’s IT policy, particularly regarding storage of customer data. Within some companies, there remains a lack of understanding as to how these requirements are best met.”