Most IT managers are unaware of new European data laws

24 November 2014

More than 81 per cent of IT managers across the European Union are unfamiliar with the new EU General Data Protection Regulation (GDPR).

The GDPR aims to unify data protection laws to meet the challenges of the digital age and in particular strengthen the protection of online personal data. The European Council aims for its adoption in late 2014 and the regulation is planned to take effect after a transition period of two years.

When enacted into law, it will require all businesses handling EU residents’ data to delete personal information on request or when it is no longer required by the organisation, and will encourage companies processing personal data to use auditable deletion procedures.

Non-compliant businesses could receive fines ranging from €250,000 or 0.5 per cent of annual worldwide turnover for less serious breaches, up to €100,000,000 or five per cent of annual worldwide turnover for more serious infractions.

But in a survey of 660 IT managers conducted by Kroll Ontrack and data erasure specialist Blancco, 61 per cent said that their organisations have not taken measures to achieve compliance with the pending regulation. More than half had not reviewed or adapted their data destruction policies, while 25 per cent admitted to not having such a process in place.

“Organisations still have a great deal of work to do to ensure they comply with the GDPR regulation,” says Paul Le Messurier, programme and operations manager, Kroll Ontrack. “Any business holding personal data on EU residents, be it online or offline, will have to abide by the new rules.”