More than 80% of IT managers surveyed in Germany, France, Britain and Italy know nothing about the content and impact of the new European Data Protection Regulation, which will be published next year. This is the result of a survey of 660 companies conducted in August and September jointly with our partner Blancco, a leading manufacturer of specialized data erasure software.
While 51% of respondents believe that the new rules will affect their data management strategy and their data destruction processes, 61% reported that they have not yet taken any concrete measures to ensure the necessary adaptation. More than half of the firms (55%) have neither checked nor adjusted their processes for data destruction so far. 25% of all respondents also indicated that they have no process for data destruction in place.
This is all the more surprising since the new EU regulation, also known as GDPR (General Data Protection Regulation), intends to improve the protection of personal data in Europe. With its introduction in the coming year, the regulation will turn “the right to be forgotten” virtually into law, and companies will be obliged more than ever to protect the personal data they collect.
Although data protection in Germany is already relatively well established by means of several regulations and acts, in contrast to many European countries where personal information is sometimes handled very laxly, the new Data Protection Regulation goes far beyond this: it requires all European Union-based companies to erase personal data on request or when the company no longer needs it. At the same time, companies are prompted to use verifiable procedures when processing personal data.
The answers to questions about currently active data destruction processes make clear that there is still much to do in the business community: more than half of all companies (55%) have established active processes for their desktop or laptop devices and 42% also for their storage systems. But the outlook is rather bleak concerning data destruction for mobile portable devices and external cloud systems: only about one-third, or 8% of all companies have integrated a data destruction process into their data management.
There is therefore still a lot to do before the GDPR is enacted across Europe. It is better to address the necessary measures now, before it’s too late, and integrate them into existing processes or establish completely new ones. After all, what many people don’t know is that penalties for companies that violate the new rules are serious: up to 250,000 euros, or 0.5 percent of annual sales, for minor offenses and up to 100 million euros, or 5 percent of annual sales, in severe cases. It is therefore worthwhile, as proposed by the EU, to introduce verifiable processes for data destruction and the appropriate tools.
Together with Blancco, we showed what these could be at the IT-SA, the world’s leading trade fair in Nuremberg, held until the 9th of October. We exhibited both Blancco’s software products for the secure deletion of data on every conceivable medium and our hardware degausser for sustainable deletion on magnetic data carriers and their preparation for disposal.