Business Cloud News
A recently published survey suggests many UK businesses are still in the dark about how the recently approved EU Data Protection Act, which could come into force before the year's end, will impact them

A recently published survey of 850 senior IT decision makers across Europe revealed a lack of basic knowledge about the EU Data Protection Act, with 50 per cent of the 250 British IT decision makers polled “completely unaware” of the impending regulation. The results could have serious implications for providers of cloud services and their customers, particularly those that handle large volumes of personal data.

According to Trend Micro, the IT security vendor that commissioned the survey, just ten per cent of UK respondents said they fully understood what steps their organisation needs to take to achieve compliance.

Of those who know of the impending EU Data Protection Act, which was approved by the European Parliament in a vote earlier this year, 85 per cent believe their organisation will face significant challenges in order to comply with the data protection regulation, with a quarter saying they don’t think it’s realistic to adhere to.

Lack of employee awareness (44 per cent) and restricted resources (31 per cent) were highlighted as the biggest barriers.

“With ratification expected in 2014, it’s alarming to see how little is known about such key privacy regulations,” said Rik Ferguson, vice president security research at Trend Micro. “This affects every organisation, regardless of size. If a company processes data then it needs to be aware.”

The EU Data Protection Act, which aims to comprehensively reform data protection and strengthen online privacy rights uniformly across Europe, could see companies that violate the regulation fined as much as €100 million or five per cent of global revenue. This extends to any business operating in the European market, including foreign-owned companies.

“As companies look to gain maximum value from a new generation of big data projects, data privacy should be a board level discussion. This is not just an IT issue, duty to comply falls to everyone from the receptionist right up to the CEO,” Ferguson said.

The research strongly suggests that many UK businesses are still unaware of how the regulation will be applied and who it will impact.

For instance, 24 per cent of senior IT decision makers either didn’t think the regulation would apply to their organisation or didn’t know. And just 48 per cent of UK respondents correctly pointed out that the EU DPA would apply to any company that deals with EU resident data, even if that company does not have a legal entity within the EU.

“These findings need to serve as a wake-up call, both to businesses and governments that these changes are coming and we all need to prepare,” said Ferguson. “If they don’t take action there’s the very real chance that they might wake up with a nasty fine on their hands that could potentially have a major impact on their business.

“I would recommend that every business starts the process of compliance with a health check or assessment of where the organisation is right now. What data is stored, how it is processed and what policies currently govern it. This will put organisations in a position to know where the holes are in their data policy and what needs addressing,” added Ferguson.

It’s very difficult to tell how effective a regulation will be until it’s implemented, but Vinod Bange, partner and data protection specialist at international law firm Taylor Wessing, explained that the damages for non-compliance should “tip the scales” and ensure organisations implement mitigating measures.

He also warned that this shouldn’t be seen as a “simple technology fix.”

“Whilst we do not yet know exactly when it will come into force, there is an expectation it may be the end of 2014 so businesses need to act now to ensure they are moving towards a data strategy that fits to the new regulation,” he said.

Bange added that with the heightened concern about data protection among users of digital services, businesses can even turn compliance into a commercial opportunity.

“Particularly for SMEs, to differentiate their offering now by becoming compliant in advance, at least against the objectives and spirit of the proposed EU regulation and perhaps advertising themselves as reaching the new benchmark,” he said.

“This will help reassure potential clients that they can be trusted as a partner throughout the upcoming regulatory turmoil,” he added.