A little knowledge is a dangerous thing

We’ve just carried out a quick survey about data security. To sum up the findings in a couple of words, confusion reigns.

We asked delegates at the RWM expo in Birmingham three simple questions, but Question 2 drilled further into the responders’ answers to Question 1. We soon saw their confidence in those answers wasn’t necessarily justified.

Question 1 asked: Is data in your organisation deleted?
Yes 39 per cent
No 46 per cent
Don’t know 15 per cent

Now, those percentages are more than worrying. Given the number of “don’t knows”, it’s likely that over half of organisations aren’t erasing data. It’s lurking and a potential source of problems. These organisations are exposing themselves to the risk of a serious data breach and all its consequences. But what about the more positive responses? If we’re generous to the “don’t knows” and assume the “yes” responses should be a bit higher, have we got a solid base on which we can build? Let’s look at Question 2.

Question 2 asked: If you responded “yes” to Q1, do you know how it is deleted?
We got a wide range of answers. Some people shrugged and said that their IT team handled the issue. Others said that individual users were responsible. One respondent said the task was completed every five years. The recycle bin was mentioned and a couple of people talked about paper shredding. Only 25 per cent of those who answered said that data was wiped from their systems. A third simply didn’t know. It could be that those “don’t knows” aren’t a problem. It could be that someone within each of these organisations is handling data according to data protection regulations, but to be frank, we weren’t convinced. We felt very much that there was a lack of understanding and an unwillingness to engage with the issue. We’d been told one thing, but were hearing another – Data security isn’t that serious
a problem, is it? Anyway, it’s not my responsibility.

Which leads us to Question 3.
Question 3 asked: Are you aware of the General Data Protection Regulation?
Yes 63 per cent
No 28 per cent
Not Sure 9 per cent
On the surface, the numbers look promising, but there remains a significant proportion of responders who aren’t even aware of GDPR let alone have knowledge of its provisions, responsibilities and penalties. GDPR is enforceable from May 2018. Most organisations will have work to do to prepare for it, and yet there is this ignorance and apathy. Perhaps more worrying is that amongst the positive responses – the 63 per cent who claimed awareness – there will be those as vague in their understanding of the regulations as they are about their current data security procedures and protocols. Ignorance about data security can get organisations into a lot of trouble. GDPR is necessary. It is coming and businesses need to wake up.

Global EMEA is an expert in data security and can help you to prepare for GDPR. Call us today on +44 (0) 345 340 3105 to find out more.

Leave a Reply