Report: 6 in 10 US-based Employees Unaware of GDPR
With just five months remaining until the EU’s General Data Protection Regulation (GDPR) goes into effect, new research from MediaPro shows more than half of US-based employees have never heard of the forthcoming regulation.
With 54 percent of U.S. companies citing GDPR readiness as a top priority, this lack of understanding among the average U.S. employee could prove costly. Fines for GDPR non-compliance could total up to 4 percent of an organization’s annual global turnover or $27 million U.S. dollars, whichever is greater. The GDPR, which any organization worldwide must comply with if they handle the personal data of EU citizens, goes into effect May 25 this year.
This data on GDPR awareness comes from MediaPro’s 2018 Eye on Privacy Report, a survey of more than 1,000 U.S. residents testing their knowledge on data privacy best practices and both global and national privacy regulations. Topics included when to report potential privacy incidents, what qualifies as sensitive data, and how often they grant access to third-party applications on phones or mobile devices.
Additional findings of the report include:
- 59 percent of respondents said the GDPR was “completely new” to them
- 8 percent of respondents said they were unsure if they should report a cybercriminal stealing sensitive client data while at work
- Finance sector employees did not consider tax information any more sensitive than respondents from the six other industries, including education and healthcare, included in the survey
- Respondents in the technology sector demonstrated the least ability to correctly identify scenarios that could put private data at risk, such as reportable privacy incidents
“With these survey results and the surprisingly low levels of privacy and security awareness found in our recent 2017 State of Privacy and Security Awareness Report, companies need to take these topics more seriously leading into 2018,” said Steve Conrad, MediaPro’s managing director. “The 2018 Eye on Privacy Report shows companies could be doing a better job educating their employees about how to handle sensitive data. It’s time to stop playing with fire when it comes to data privacy – before it’s too late.”
Other concerning results, including the lack of awareness employees have about privacy regulations and handling sensitive data in their personal and professional lives, underscore the need for a culture change around how sensitive data is considered and handled.
“With Data Privacy Day right around the corner and GDPR just months away, now is an ideal time for organizations who haven’t taken data privacy seriously to begin to do so,” said Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance. “Data privacy is everyone’s responsibility, and organizations can prepare their employees to protect against threats through year-round privacy awareness training programs that address privacy concerns at the root of employee culture.”
MediaPro surveyed 1,007 U.S. residents concerning data privacy best practices and regulations, both national and global, and analyzed the data by age group and industry sector. Every respondent had to be 18 years or older and employed. The survey asked questions in the context of five real-life scenarios that could play out in nearly any corporate office across the country. Each scenario dealt with a different aspect of data privacy knowledge or a privacy best practice. The survey was conducted in October 2017.