Half of public sector 'unaware of data protection proposals'

Written by Colin Marrs on 23 April 2014 in News
News

Half of public sector organisations are unaware of a proposed European regulation which would increase data protection requirements and increase the level of fines for breaches to €1 million, according to a new survey.

In March, the European Parliament voted strongly in favour of the draft directive, which would unify data protection laws across the whole of the European Union.

But a survey of European organisations revealed that 49% of public sector organisations are unaware of the proposals, which could come into force as early as 2017. This compares to a figure of 36% across all respondents, including private sector firms.

Rik Ferguson, vice president of security research at Trend Micro, said: “With ratification expected in 2014, it’s alarming to see how little is known about such key privacy regulations,

“As organisations look to gain maximum value from a new generation of big data projects, data privacy should be a board level discussion.

“This is not just an IT issue, duty to comply falls to everyone from the receptionist right up to the CEO.”

The survey showed that only 11% of public sector respondents who say they are aware of the proposals rated their knowledge as “very good”, with 30 per cent saying it was good and 34% saying it was satisfactory.

Around half of all those surveyed in the public sector supported the idea of the new regulation.

The top measure identified as necessary to comply with the new rules was increased training (55%) followed by investment in IT security (50%). 18% said that their existing protections were satisfactory to meet the requirements of the proposals, compared to 11% across all sectors.

Currently the Information Commissioners Office can fine public sector bodies and companies a maximum of £500,000 for breaches of data protection laws.

The draft proposals would see this increased to €1 million (£824,000), although the European Parliament is pushing for this to be raised to €100 million.

The proposals would also introduce a right for individuals to force organisations to remove their details from databases if there is no longer a legitimate reason for keeping it.

The draft regulation is now subject to negotiation between the European Parliament and the Council of the EU.

Speaking today at a round table event to discuss the proposals, Vinod Bange, data protection lawyer at law firm TaylorWessing said: “It is clear that this is going to cost organisations money to put themselves in the position of compliance. But it will also cost them if they don’t comply.”

Ferguson said: ““These findings need to serve as a wake-up call, both to businesses and government that these changes are coming and we all need to prepare.”

“If they don’t take action there’s the very real chance that they might wake up with a nasty fine on their hands that could potentially have a major impact on their business.”

Share this page

Tags

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Why government is ‘failing’ on AI openness
17 February 2020

The body dedicated to upholding ethical standards across the public sector has published a major report examining how to ensure those standards are not threatened by AI and automation

‘No individual data’ compromised during massive DfE breach, minister claims
27 January 2020

Access to information in the Learning Records Service – which contains data on 28 million children – was provided via a third-party firm

Regulators issue warning over police use of facial recognition
27 January 2020

Biometrics and information commissioners remind Met Police that questions remain over both legal footing and public sentiment