An alarming 66% of UK business owners either haven’t heard of GDPR’s impact on metadata security, or currently don’t have any plans in place to comply with its effect, according to research from DocsCorp.
The General Data Protection Regulation comes into effect 25 May 2018, and companies which fail to comply could incur fines of up to €20 million.
The handling of personal data – such as names, addresses, and bank details – is often transferred between computers via metadata, and would therefore be required to comply with new regulations under GDPR.
Shockingly, 30% of the SME business owners polled didn’t even know what metadata was, which rose to a staggering 67% in the finance sector.
GDPR will apply to all EU member states, as well as those outside the Union who trade with EU countries.
UK companies not currently on track for GDPR compliance
This study suggests little progress has been made in the past few months, with research from earlier this year revealing only 54% of organisations were on course to comply with the legislation.
Furthermore, separate research from May 2017 found 31% of marketing and advertising businesses believed GDPR would have no impact on their organisation.
Ben Mitchell, VP of DocsCorp EMEA, said: “There are a number of important steps that businesses should take before the May 2018 deadline. Firstly, evaluate all internal operations that involve the handling of secure data. Identify any areas that might present the risk of a data breach, and design processes to minimise that risk.
“Train employees where necessary, and implement smart systems and software to ensure security. Finally, understand the processes for reporting any breach to the proper EU authorities, as failure to report may escalate sanctions, penalties and fines, which can be up to €20 million, or 4% of your organisation’s global turnover, whichever is higher.”