Is the UK ready for the upcoming changes to data protection laws?
March 2015 by
In 2015 the UK’s data protection laws look set to change for the first time since 1998 and Britain’s businesses – along with 27 other EU member states – will have to make significant changes to the way they collect, store and use the personally identifiable information of EU citizens.
As experts from Fujitsu, Websense and Ovum come together to discuss what these changes mean for businesses, Fujitsu carried out research across IT decision makers in the UK[1] to discover how prepared they are for the changes and whether they supported the changes:
More stringent data protection regulation is welcomed by IT decision makers
• 80% of IT decision makers believe more stringent data protection laws are needed in this data- driven world
• And 40% do not believe that current regulation around data protection and privacy is adequate to protect an individual’s data
But there is work to do in ensuring the UK is prepared
• 58% of half of IT decision makers have a high to very good understanding of the proposed ‘EU General Data Protection’ regulation and just over half believe they are prepared for it
CEOs need to take notice - this should be a boardroom issue
• 80% of IT decision makers want to see the regulation discussed at boardroom level
• And nearly two thirds (61%) welcome larger fines for data protection negligence and would like to see them introduced
Neil Thacker, Information Security & Strategy Officer at Websense:
“Organisations and their executive team want to reduce likelihood and overall impact arising from a data breach, which in 2015 is considered a top 5 risk by CEOs. Many organisations however still lack the skill set and technology available to detect data theft from external and insider threats. Some organisations even fail to understand what data they are collecting, for what purpose and the real value of this data”
“When it comes to collecting and processing data, there is not always a true picture of data flow and retention within an organisation. This is an important requirement and is a fundamental of what the current directive and proposed general data protection regulation is meant for – to ensure personal data is protected and to ensure citizens maintain their right to manage consent and ultimately their privacy”.
Rik Turner, Senior Analyst at Ovum:
“We live in a very different world from 1995, which was when the last big piece of EU regulation in this area came out. It’s a world in which mobile working is the norm, with data being held all over the place. Today, we don’t necessarily know where our data is residing, and that’s clearly an issue for some countries and their citizens. This new legislation is making sure the regulations are appropriate to the technological landscape as it unfolds before us and takes into account how it has changed over the last 20 years.”