A widespread ignorance of new data protection rules could be leading businesses into severe financial penalties and loss of reputation.
Eighty-four per cent of UK small business owners and 43% of senior executives of large companies are unaware of the forthcoming General Data Protection Regulation, according to Shred-it's seventh annual Security Tracker research, conducted by Ipsos.
The GDPR will replace existing European data protection laws from May 2018 (despite the Brexit vote).
The Security Tracker survey also found that only 14% of small business owners and 31% of senior executives were able to correctly identify the fine associated with the new regulation - up to €20 million (£17.1m) or 4% of global turnover.
This is despite a large proportion of senior executives (95%) and small business owners (87%) claiming to have at least some understanding of their industry's legal requirements.
Robert Guice, senior vice president of Shred-it EMEAA, said: "As we approach May 2018, it's crucial that organisations of all sizes begin to take a proactive approach in preparing for the incoming GDPR.
"From implementing stricter internal data protection procedures such as staff training, internal processing audits and reviews of HR policies, to ensuring greater transparency around the use of personal information, businesses must be aware of how the legislation will affect their company to ensure they are fully compliant."
"Governmental bodies such as the Information Commissioner's Office (ICO), must take a leading role in supporting businesses to get GDPR ready, by helping them to understand the preparation needed and the urgency in acting now."
"The closer government, information security experts and UK businesses work together, the better equipped organisations will find themselves come May 2018."
Businesses unaware of the forthcoming legislation and its implications are not only putting themselves at risk of severe financial penalties, but also the reputational damage caused by adverse publicity associated with falling foul of the law, he said.
“This can often have a greater impact than the fine itself. Research shows that 64% of executives agree that their organisation's privacy and data protection practices contribute to reputation and brand image.”
Of those respondents who claim to be aware of the legislation change, only 40% of senior executives have already begun to take action in preparation for the GDPR, in spite of 60% agreeing that the change in legislation would put pressure on their organisation to change its policies related to information security.
The survey also highlights that companies feel the UK government needs to take more action. Forty-one per cent of small business owners (an 8% increase from 2016) believe the Government's commitment to information security needs improvement.
The EU's GDPR will come into effect on May 25, 2018 in the UK.
It is the first ever truly global piece of data protection regulation and brings into play the concept of a 'one-stop shop' for data protection, as any lead data authority in the EU will be able to take action against an organisation in their respective jurisdiction.
The legislative changes will see stricter rules introduced for companies around securing consent to use personal information, as well as additional requirements for some organisations such as the introduction of a nominated data protection officer and privacy risk assessments for certain projects or activities.
Whatever the situation regarding the UK's EU membership, the GDPR will still apply in EU markets where UK companies do business and those companies will still be expected to comply with the legislation's requirements in these countries.
But Steve Nash, chief executive of the Institute of the Motor Industry, saw positives in the Shred-it survey.
"The CIPD report indicates that employers are seeking new ways of meeting their skills’ requirements, especially in relation to younger applicants.
"In this context it’s positive to see over half of employers are now choosing to upskill their existing workforce in order to improve their skillsets and better prepare them for the changing and evolving demands of the workplace.”
“After the introduction of the apprenticeship levy last month it’s no surprise that almost 40% of organisations are now offering apprenticeships.
"Even though businesses report finding it harder to fill vacancies due to a lack of applicants or factors such as poor terms and conditions, growing your own talent through apprenticeships is a great way of building a pipeline of fresh, skilled people over time and the evidence shows that staff show greater loyalty to those who trained and developed them.
"Similarly, upskilling your current workforce is always a positive way to increase productivity and staff loyalty.”
“All of these same factors apply to the motor industry and we will continue to be reliant on new talent in order to operate most effectively. So the IMI is committed to helping businesses find the right ways to continuously develop their staff and recognise their achievements. We are also doing all we can to help them get the maximum benefit from the government’s apprentice reforms.”
> Coverage of AM's roundtable debate on GDPR, that took place at the recent AM DigiTech conference, will be in the July issue of AM. Digital issues.
> GDPR is the topic of a seminar at Automotive Management Live.