The EU’s General Data Protection Regulation (GDPR) compliance date is fast approaching. Companies only have until May 25, 2018 to bring their policies, processes, and technology up to the standard demanded by GDPR. Any company that fails to comply with GDPR requirements faces a substantial financial penalty: the maximum penalty is €20 million or 4% of the previous year’s global annual turnover, whichever is greater.
GDPR was adopted by the European Parliament on April 16, 2016. Companies have therefore had two years to comply with the regulations. While GDPR is a European law, it also applies to companies outside the EU that handle the data of EU residents. That means companies in the United States must also comply with GDPR and their employees must be trained on the requirements of the legislation with respect to privacy, security, and the handling of data.
However, a recent MediaPro report, The 2018 Eye on Privacy Report, shows that many US employees have only a very basic understanding of GDPR, and an alarming number have not even heard of the regulation.
The survey polled more than 1,000 US residents, who were asked questions about data privacy best practices and regulations, both domestic and international. Six out of ten respondents had not even heard of GDPR. Only 4% of respondents said they knew a lot about GDPR.
Previous research has shown more than half of US companies have made GDPR compliance a priority, so the lack of understanding of the regulations by employees is a major concern. GDPR compliance is not only about improving policies and procedures to protect the privacy of EU residents. Employees must ensure they handle data correctly. The lack of understanding of GDPR among the workforce shows companies still have a long way to go to ensure they meet GDPR requirements.
Employees from the education sector had the least understanding of GDPR, with 78% saying it was completely new to them. Government agencies were next at 70%, followed by other (69%), retail (65%), professional services (56%) and healthcare (53%). Worryingly, government workers knew the least about the EU-U.S. Privacy Shield, with 76% saying the framework was completely new to them. The EU-U.S. Privacy Shield is a framework that helps companies in the U.S. and Europe comply with data collection regulations on both sides of the Atlantic.
“The 2018 Eye on Privacy Report shows companies could be doing a better job educating their employees about how to handle sensitive data. It’s time to stop playing with fire when it comes to data privacy – before it’s too late,” said Steve Conrad, Managing Director of MediaPro.
“Data Privacy Day [is] right around the corner and GDPR just months away, now is an ideal time for organizations who haven’t taken data privacy seriously to begin to do so,” said Tom Pendergast, chief strategist for security, privacy, and compliance at MediaPro.