Six in 10 UK adults have never heard of the European Union’s General Data Protection Regulation (GDPR) that will form the basis of coming UK data protection law, a survey has revealed.
The survey of 2,000 UK adults was commissioned by cloud security firm Netskope to get a snapshot of current understanding of the GDPR among adults of working age, and the extent to which employers have informed staff about the regulation.
Almost 63% had never heard of the GDPR, fewer than 10% of respondents claimed to have detailed knowledge of the regulation, and just over 14% said they had heard of it but did not know what it was. Just over 13% said they had some general understanding of the GDPR.
When asked whether their employer had informed them about the GDPR and its effect on working processes, 70.4% said they had not yet been told anything about the GDPR by their employer, even though all UK companies handling EU citizens’ personal data will have to be compliant in 16 months’ time.
A further 8.6% said the GDPR had been mentioned, but that they were unsure of the details of the regulation, and 21% said they had been offered “plenty” of information about the GDPR.
Finally, when asked to state the maximum fine possible for a company found to have breached the regulation and infringed on data subjects’ rights in the process, just 1% of respondents were able to accurately pinpoint the correct maximum fine of €20m or 4% of annual worldwide turnover, whichever is larger.
Just over 20% thought the maximum fine would be €1,000 or less, underestimating the figure by a factor of 20,000. Just under 10% thought the maximum fine was €1m, which is just 5% of the maximum fine under the GDPR.
In 2016, TalkTalk was issued with a £400,000 penalty by the Information Commissioner’s Office (ICO) for security failings that allowed a cyber attacker to access customer data “with ease”. Even if translated into a lower-tier GDPR fine (the higher of 2% of annual worldwide turnover or €10m), this fine would have increased to £3.68m, demonstrating the increased financial incentive for businesses to tackle GDPR compliance.

André Stewart, vice-president for Netskope in Europe, said the findings of the survey show that organisations have a lot of work to do to educate employees on the GDPR and the safe data handling behaviour needed to achieve compliance.

“With seven in 10 UK adults yet to be educated about the GDPR by their employers, it’s possible that many employers are either unaware of the importance of coaching staff or they are not yet making the GDPR a high priority,” he said.