Half of public sector 'unaware of data protection proposals'

Written by Colin Marrs on 23 April 2014 in News

Half of public sector organisations are unaware of a proposed European regulation which would increase data protection requirements and increase the level of fines for breaches to €1 million, according to a new survey.

In March, the European Parliament voted strongly in favour of the draft directive, which would unify data protection laws across the whole of the European Union.

But a survey of European organisations revealed that 49% of public sector organisations are unaware of the proposals, which could come into force as early as 2017. This compares to a figure of 36% across all respondents, including private sector firms.

Rik Ferguson, vice president of security research at Trend Micro, said: “With ratification expected in 2014, it’s alarming to see how little is known about such key privacy regulations.

“As organisations look to gain maximum value from a new generation of big data projects, data privacy should be a board level discussion.

“This is not just an IT issue, duty to comply falls to everyone from the receptionist right up to the CEO.”

The survey showed that only 11% of public sector respondents who say they are aware of the proposals rated their knowledge as “very good”, with 30% saying it was good and 34% saying it was satisfactory.

Around half of all those surveyed in the public sector supported the idea of the new regulation.

The top measure identified as necessary to comply with the new rules was increased training (55%) followed by investment in IT security (50%). 18% said that their existing protections were satisfactory to meet the requirements of the proposals, compared to 11% across all sectors.

Currently the Information Commissioner’s Office can fine public sector bodies and companies a maximum of £500,000 for breaches of data protection laws.

The draft proposals would see this increased to €1 million (£824,000), although the European Parliament is pushing for this to be raised to €100 million.

The proposals would also introduce a right for individuals to force organisations to remove their details from databases if there is no longer a legitimate reason for keeping them.

The draft regulation is now subject to negotiation between the European Parliament and the Council of the EU.

Speaking today at a round table event to discuss the proposals, Vinod Bange, data protection lawyer at law firm TaylorWessing said: “It is clear that this is going to cost organisations money to put themselves in the position of compliance. But it will also cost them if they don’t comply.”

Ferguson said: “These findings need to serve as a wake-up call, both to businesses and government that these changes are coming and we all need to prepare.

“If they don’t take action there’s the very real chance that they might wake up with a nasty fine on their hands that could potentially have a major impact on their business.”
