Out-Law News 2 min. read
28 Apr 2014, 3:26 pm
A survey commissioned by security software provider Trend Micro of 850 senior IT decision makers at businesses across Europe found that UK companies are more likely to be ignorant of the General Data Protection Regulation than counterparts in Germany, where 87% of businesses are aware that the Regulation has been drafted and is under consideration by EU law makers.
Just 10% of UK businesses said they "fully understand" what measures they will need to take to comply with the new laws when they are finalised, Trend Micro said.
"A recent YouGov poll found that just 7% of the public are able to name an MEP for their own region, yet recently those seemingly anonymous individuals voted to support changes to EU data protection laws that promise to have a major impact on the public's privacy rights," data protection law expert Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said. "Whilst the General Data Protection Regulation is still some way from being finalised, it is a concern that many UK businesses appear to be ignorant of it and the implications it will have for the way they process personal data."
"Given that the Regulation looks set to introduce a significantly stiffer sanctions regime than is currently in place, it is imperative that businesses familiarise themselves with the likely changes in the law and think about the steps they will need to take to comply with the new framework," he added.
The proposed new EU General Data Protection Regulation was first published by the European Commission in January 2012 and has subsequently been the subject of intense debate among industry groups and EU law makers.
In March, following months of scrutiny of the proposals, the European Parliament gave its backing for an amended version of the Regulation which would, if introduced, deliver widespread changes to EU data protection laws. Businesses would be required to adhere to new rules when obtaining individuals' consent to the processing of their personal data, whilst existing rules that govern transfers of personal data outside of the European Economic Area (EEA) would also be updated.
In addition, businesses would be under a new obligation to notify both regulators and members of the public about some data breaches they experience and a new 'one stop shop' mechanism would exist to allow businesses operating across the EU to engage with just a single data protection authority in the trading bloc, subject to exceptions.
Other changes backed by the MEPs would see businesses face possible fines of up to 5% of their annual global turnover, or €100 million if greater, if they breach the new data protection laws.
The EU's Council of Ministers, which in addition to the European Parliament must also give approval to the Regulation before it can become law, has yet to reach a consensus on the proposals. However, it is the stated aim of political leaders across Europe for agreement to be reached on the reforms by the two law making bodies "by 2015".
Trend Micro said that its survey, carried out by market researchers Vanson Bourne, found that 85% of the UK businesses aware of the draft Regulation would face "significant challenges" in complying with the new framework, with a quarter of the view that compliance with the propsed new rules would not be realistic. Nearly a third of respondents (31%) said that dealing with restricted resources was the biggest barrier to compliance, whilst 44% said that a lack of employee awareness was the biggest barrier, Trend Micro said.
More than a quarter of UK businesses "will be improving their business insurance policy in the event of a data breach" as part of their measures to comply with the new Regulation, it added. More than half of the companies also intend to increase employees' data protection training and invest in IT security.