UK organisations risk penalties by ignoring upcoming GDPR

Research by Sharp suggests that almost one quarter of employees store data in public cloud services without permission

With the EU General Data Protection Regulation (GDPR) coming into full force next May, thousands of UK businesses are at risk of incurring steep fines if employees fail to comply with guidelines.

That's the warning from electronics company Sharp, following a UK-wide survey that indicated that many organisations are at risk of falling on the wrong side of the GDPR.

The Regulation is a comprehensive piece of legislation that imposes complex data protection obligations on businesses, non-profit organisations and public-sector organisations, and is implemented directly from Brussels.

But the threat of fines of up to four per cent of turnover has caused considerable concern and confusion among some IT leaders.

The Sharp survey suggests that almost ten per cent of office workers have had access to confidential information that they should not have had, putting both customers and companies at risk of data leaks.

Twenty-five per cent admit to storing data in the public cloud, despite not being permitted to do so. The issue is complicated by the workforce's increasing ability to work remotely, Sharp said in its report.

"It is up to businesses to find the right balance between modern ways of working and secure data sharing. When you also consider that 75% of employees access work documents on the go, businesses need to do more to keep up with their workers," says Stuart Sykes, managing director at Sharp Business Systems.

Sharp's research also shows about a third of employees (31 per cent) flout office protocol by taking work home to complete, despite being told not to.

Even HR are going against IT policy, with 30 per cent of managers storing information in the public cloud.

Although the UK is set to leave the European Union, the GDPR will come into force before the two-year deadline for completing Brexit negotiations under Article 50 is up, and the British government has confirmed it will mirror the GDPR after withdrawal.

Security and privacy expert Dr Karen Renaud says that businesses need to provide better support for their employees to improve compliance.

"As long as businesses continue to require or implicitly overlook insecure behaviours, security will always be sacrificed," said Renaud.