Data security measures still lacking even amid GDPR efforts

An Ipsos study conducted on behalf of Shred-it on the eve of the General Data Protection Regulation (GDPR) enforcement deadline has found that most businesses in the UK, especially the smaller ones, have fallen short when it comes to working towards compliance.

Particularly when it comes to the financial, legal, and insurance sectors – even with polled executives reporting being hit by data breaches – many are still not as prepared as they should be. Here are the numbers for the abovementioned industries:      

• 20% have no policy in place for storing and disposing of confidential paper documents
• 30% have no policy for storing and disposing of confidential information on electronic devices
• 17% review security procedures and policies once a quarter
• 45% have trained employees on identifying fraudulent emails
• 40% have trained employees on reporting a lost or stolen device

“Data previously released by Shred-it showed GDPR awareness was still at alarmingly low levels as the regime was coming into full force,” said Neil Percy, vice president market development and integration EMEA at Shred-it. “When it comes to specific preparations, too many businesses are way behind the curve.

“British companies need to close the gap on what information they are permitted to hold and what they must delete, and also extend the focus beyond the purely digital to consider physical formats, equally important under GDPR.”

Percy added that the lack of ‘ubiquitous’ training on GDPR suggests that a large proportion of the workforce in the UK is not appropriately trained for the kinds of safeguards necessary under the new regulation.

Related stories: 
Directors to be held personally responsible in GDPR world
Insurance industry reacts after major retailer hit by massive data breach