With just five months remaining until the EU’s General Data Protection Regulation (GDPR) goes into effect, new research from MediaPro shows more than half of US-based employees have never heard of the forthcoming regulation.
With 54 percent of U.S. companies citing GDPR readiness as top priority, this lack of understanding among the average U.S. employee could prove costly. Fines for GDPR non-compliance could total up to 4 percent of an organization’s annual global turnover or $27 million U.S. dollars, whichever is greater. The GDPR, which any organization worldwide must comply with if they handle the personal data of EU citizens, goes into effect May 25 this year.
This data on GDPR awareness comes from MediaPro’s 2018 Eye on Privacy Report, a survey of more than 1,000 U.S. residents testing their knowledge on data privacy best practices and both global and national privacy regulations. Topics included when to report potential privacy incidents, what qualifies as sensitive data, and how often they grant access to third-party applications on phones or mobile devices.
Additional findings of the report include:
- Fifty-nine percent of respondents said the GDPR was “completely new” to them
- Eight percent of respondents said they were unsure if they should report a cybercriminal stealing sensitive client data while at work
- Finance sector employees did not consider tax information any more sensitive than respondents from the six other industries, including education and healthcare, included in the survey.
- Respondents in the technology sector demonstrated the least ability to correctly identify scenarios that could put private data at risk, such as reportable privacy incidents.
“With these survey results and the surprisingly low levels of privacy and security awareness found in our recent 2017 State of Privacy and Security Awareness Report, companies need to take these topics more seriously leading into 2018,” said Steve Conrad, MediaPro’s managing director. “The 2018 Eye on Privacy Report shows companies could be doing a better job educating their employees about how to handle sensitive data. It’s time to stop playing with fire when it comes to data privacy – before it’s too late.”
Other concerning results, including the lack of awareness employees have about privacy regulations and handling sensitive data in their personal and professional lives, underscore the need for a culture change around how sensitive data is considered and handled.
“With Data Privacy Day right around the corner and GDPR just months away, now is an ideal time for organizations who haven’t taken data privacy seriously to begin to do so,” said Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance. “Data privacy is everyone’s responsibility, and organizations can prepare their employees to protect against threats through year-round privacy awareness training programs that addresses privacy concerns at the root of employee culture.”
For the full results of the survey, please visit www.mediapro.com/2018EyeonPrivacy.
Source PR Newswire