Digital Marketing Solutions Summit | Forum Events

Posts Tagged: GDPR

GDPR still causing small business owners problems

GDPR is still causing small business owners problems, with many admitting that they are ‘clueless’ when it comes to the do’s and don’ts of data privacy regulations.

Aon commissioned researchers to poll 1,000 small business owners and found that many have procedures in place which could result in multi-million pound fines through ignorance of the new law, brought in from 25th May 2018.

More than a quarter of those polled allow staff to use their own computers, tablets and phones for work purposes, which contravenes the rules because personal data could be stored unencrypted at home.

One in 10 also revealed they have visitors books in their HQ – where visitors can freely see details of others who have been there previously.

Paper diaries were still used by 26 per cent of businesses – which could contain private information or customer details and be easily misplaced.

And ten per cent said the circulation of printed out sponsorship forms – which often contain names and addresses – is common at their place of work, which is another contravention of GDPR rules.

Chris Mallett, a cyber security specialist at Aon said: “As the results show, many businesses could be in breach of GDPR – most likely without even realising it.

“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.

“Yet these sorts of things are commonplace among businesses big and small across the UK.”

TOP 10 MOST COMMON WAYS SMALL BUSINESSES ARE, OR COULD BE BREAKING GDPR RULES:

1. Allowing staff to use their own computers, tablets or phones for work purposes – if personal data isn’t encrypted
2. Staff using paper diaries for work purposes that contain personal information – major risk of them being misplaced or falling into the wrong hands
3. Using training materials which feature full details of real life case studies
4. Using images which feature customers to promote your business
5. Storing files which potentially contain personal data outside of a defined structure/naming system
6. Using images to promote your business which feature members of staff wearing nametags
7. Holding unencrypted CCTV footage where individuals are recognisable
8. Recording customer calls which capture customer card details
9. Visitors books where visitors can see other people’s information when signing in – such as names, company they work for, their vehicle registration number etc
10. Staff members circulating sponsorship/charity donation sheets

Complaints to the ICO ‘have doubled’ since GDPR came into force

Complaints to the Information Commissioner’s Office (ICO) about potential data breaches have more than doubled since the General Data Protection Regulation (GDPR) came into effect, according to law firm EMW.

There were 6,281 complaints between May 25 2018, when GDPR came into force, and 3 July 2018, a 160% rise from just 2,417 complaints over the same period in 2017.

EMW says that businesses should be concerned about the significant increase in complaints and the size of potential fines that can be levied under the new GDPR.

Under the new regulations the cap on each fine will be raised to £16.5 million (or 4% of worldwide turnover of the entity being fined) – 33 times more than the current maximum £500,000 fine.

Increasing numbers of individuals are making complaints over potential data breaches, including some more disgruntled consumers making several, repeated complaints. Greater media publicity and Government advertising means there is a heightened awareness of individuals’ new data rights under GDPR. There is now a greater public focus on the accountability of businesses of all sizes in handling personal data.

EMW says individuals are most likely to make complaints when their sensitive personal and financial data is at risk. The financial services sector received over 10% of all complaints (660), with businesses in the education and health sectors receiving a combined 1,112 complaints.

James Geary, EMW Principal for Commercial Contracts, said: “A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed. There are some disgruntled consumers prepared to use the full extent of GDPR that will create a significant workload for businesses.”

“We have seen many businesses are currently struggling to manage the burden created by the GDPR, whether or not an incident even needs to be reported. The reality of implementation may have taken many businesses by surprise. For example, emails represent one of the biggest challenges for GDPR compliance as failing to respond promptly to subject access requests or right to be forgotten requests could result in a fine. The more data a business has, the harder it is to respond quickly and in the correct compliant manner.”

37% of UK businesses ‘still not GDPR compliant’

New research shows that over a third of UK businesses haven’t fallen in line with GDPR, while a similar proportion still send marketing emails without consent.

A survey of 1,021 UK workers carried out by MarketingSignals.com, revealed 37% confess they are still not following the General Data Protection Regulation (GDPR).

When asked to elaborate on why the business wasn’t falling in line, 35% said they are still sending marketing emails without express consent.

In addition:

  • 31% say they still have the data of those who haven’t agreed to opt in to having their data stored.
  • 27% say they haven’t secured the data in case of a ransomware attack.
  • 22% say they have a longer process for those choosing to opt out from receiving information.
  • 14% say their firm hides privacy choices from people.
  • 17% say they are still unsure as to what the benefits of GDPR are.

Gareth Hoyle, managing director at MarketingSignals.com said: “The research shows there are many ways that businesses are admitting to not following the newly enforced GDPR regulations. GDPR is the most fundamental change to ever happen to data privacy, so it is imperative that businesses follow this and complete the process as soon as possible.

“Businesses need to understand that acting responsibly and ethically with customer data is crucial to protect and enhance brand reputation and ensure customer trust. Not only this, but it will enhance the quality of data collected which is a good thing for UK businesses.”

81% of UK marketers feel ready for GDPR, but their employers may not be

GDPR awareness is at its highest level since 2016 and 81% of marketers feel prepared – although 7% say their employers still have no plan in place.

The deadline for Europe’s most significant overhaul of consumer data privacy laws is this coming Friday (May 25th) and the Digital Marketing Association (DMA) has published research that finds UK marketers’ confidence in their GDPR preparations is at an all-time high.

The report, ‘GDPR & You – Chapter 5’, found that 81% of marketers are confident in their understanding and preparedness for GDPR, having steadily grown from 49% since the DMA’s first survey in 2016.

However, one in five (20%) marketers state that their employers are behind schedule and will not be ready to comply with GDPR by 25 May. Worse still, 7% state that their organisation does not have a plan in place for GDPR.

Although not being enforced until 25 May, the transition period for organisations to become GDPR compliant began two years ago, and the DMA says there is a growing belief that the benefits of the new regulations to consumers outweigh the disadvantages to businesses, with more than half (52%) of marketers believing this to be true.

“It is encouraging to see that GDPR awareness and preparedness is at an all-time high, with marketers increasingly optimistic about the benefits of the new legislation,” said Chris Combemale, CEO of the DMA. “GDPR is a fantastic opportunity for organisations to build consumer trust and highlight to their customers the benefits of sharing their data. Organisations should use it to build a culture within their business of putting the consumer first and improving their experience.”

68% of marketers believe their employer is either on track or ahead of schedule with GDPR compliance.

In response to the findings that one in four marketers (27%) believe their organisations are either behind schedule or without a plan, Combemale said: “While the Information Commissioner’s Office (ICO) has stated that they will be pragmatic before handing out penalties, these companies must show evidence that they are doing everything in their power to be ready. Otherwise they won’t just be receiving fines from the ICO; they could lose their customers’ trust and be at risk of security breaches, with the reputational damage posing a real threat to brand and share value.”

Over a quarter of marketers have received no specific training in GDPR

One of the biggest priorities for marketers and their organisations surrounding GDPR and highlighted in the report revolves around staff training – with a spike in the past six months in the percentage of marketers who feel they have received appropriate training for GDPR, up 21% from November 2017 to 54% in the latest survey.

But the DMA says it’s a concern that despite the complexities of GDPR compliance and its impact on how organisations communicate with customers, more than a quarter of marketers polled (27%) have had no specific training to date. 34% felt that more training was needed and approximately 68% believed training will help their organisation comply beyond the deadline.

Find full details on the report on the DMA website, here: https://dma.org.uk/article/gdpr-and-you-chapter-five 

Two thirds of UK firms won’t be GDPR compliant by May 25

New research says UK companies are massively ill-prepared for this week’s General Data Protection Regulation (GDPR) enforcement deadline.

Less than a third (29%) of organisations surveyed by USB drive specialist Apricorn felt confident they would comply, and when questioned further and asked whether there were any areas they might be likely to fail, 81% could think of some area of the new requirements that might cause them to fail when it comes to GDPR compliance.

Fifty per cent of organisations who know that GDPR will apply to them admit that a lack of understanding of the data they collect and process is their number one concern relating to non-compliance.

On top of this, almost four in ten (37%) believe they are most likely to fail because of gaps in employee training, and almost a quarter (23%) say their employees don’t understand the new responsibilities that come with the GDPR.

While one in ten still regard the GDPR as a mere tick box exercise, a substantial proportion do view it as being of some benefit to their organisation – for example 44% agree that the new regulation is a welcome opportunity to overhaul their organisation’s data handling and security processes.

The most commonly taken step so far, for those who say they will be at least somewhat prepared for the GDPR, is to review and update their security policies for mobile working (67%). However, 30% still worry they could fail to comply due to mobile working, and almost a quarter (22%) of respondents are concerned they may fail due to a lack of encryption.

“Data or personally identifiable information (PII) is at the heart of GDPR and mapping and securing it should be every organisation’s number one priority. By now, all employees, from the top down, should have an understanding of the importance of GDPR and the role they play in keeping this data safe,” said Jon Fielding, Managing Director, EMEA Apricorn. “While we know that many organisations have provided some form of employee training, clearly in some cases this hasn’t been effective and organisations should address these gaps urgently.”

Firms still not ready for GDPR with less than 3 weeks to go

Only 6 in 10 company directors say they are confident their organisation will be ‘fully compliant’ with new data protection laws set to come in later this month, a new survey from the Institute of Directors reveals.

The poll of 700 bosses shows many businesses remain unprepared for the changes with just three weeks to go until GDPR comes into force.

Business leaders’ confidence in their preparations has declined over the past six months as the sheer scale of the regulations has come into view. Many business leaders are also less sure about how the new rules will affect their firms, with around 40% reporting they are not confident or unsure as to how GDPR will impact their company.

In preparing for the reforms, businesses were most likely to turn to external private advisors, business membership organisations, such as the IoD, and the Information Commissioner’s Office (ICO) for guidance. The IoD has so far directly assisted over a thousand of its members, providing guidance and template policies.

The new laws predominantly impact how businesses engage with customers and clients. However, directors also report that GDPR compliance is affecting processes in HR and IT, as well as their governance practices.

“GDPR has been a long time coming for businesses, but it is only proving more formidable as the deadline looms and companies drill down into the detail. The regulator has assured small businesses that there will not be a sudden inquisition once the rules enter into effect, but with such large penalties for non-compliance, firms must assess what they have to do to avoid falling foul of the legislation, and they must do so soon,” said Jamie Kerr, Head of External Affairs at the Institute of Directors.

“While the regulations may be burdensome, the overriding impulse amongst company directors now is simply to follow the rules. However, SMEs, who are facing a whole host of competing priorities and generally cannot rely upon dedicated compliance teams, are still finding it difficult to digest the sheer scale of the legal changes.

“The Government’s immediate priority should be to ensure the ICO has the resources it needs to make a big final push to assist small businesses in the run up to this month’s deadline”.

60% of UK businesses won’t be ready for GDPR deadline

A new report by Crowd Research Partners has revealed that only 40 per cent of organisations are either GDPR compliant or well on their way to compliance by the May 2018 deadline.

The report highlights the lack of GDPR expertise and an overall underestimation of the effort required to meet GDPR, which represents the most sweeping change in data privacy regulation in decades.

The key findings of the study include:

  • A whopping 60% of organisations are at risk of missing the GDPR deadline. Only 7% of surveyed organisations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to compliance by the deadline.
  • While 80% confirm GDPR is a top priority for their organization, only half say they are knowledgeable about the data privacy legislation or have deep expertise; an alarming 25% have no or only very limited knowledge of the law.
  • The primary compliance challenges are lack of expert staff (43%), closely followed by lack of budget (40%), and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.
  • Approximately a third of surveyed companies report that they will need to make substantial changes to data security practices and systems to be in compliance with GDPR. The highest ranked initiative for meeting EU GDPR compliance is to make an inventory of user data and map it to protected EU GDPR categories (71%), followed by evaluating, developing, and integrating solutions that enable GDPR compliance.

The 2018 GDPR Compliance Report has been based on a comprehensive online survey of IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn, and has been produced in partnership with Alert Logic, AlienVault, Cavirin, Data443, D3 Security, Haystax Technology, and Securonix.

Average spend on GDPR compliance ‘tops $1.5 million per global organisation’

An EfficientIP X-Day study says average spend on GDPR compliance tops $1.5 million per global organisation, with less than 100 days to go before the deadline for EU GDPR compliance on 25th May this year.

EfficientIP, through independent market research firm Coleman Parkes, asked over 1,000 companies worldwide about their preparation plans for GDPR. Among the key findings were:

  • Over two-thirds of global businesses at 72% are confident they will have all required GDPR compliance processes in place by 25th May 2018.
  • North America is the most confident region in the world, with American and Canadian organisations saying they will be prepared at 84% and 75% respectively.
  • Despite the on-going Brexit negotiations and uncertainty looming over the enforcement and effectiveness of the EU GDPR regulation on local businesses, the UK is the most confident nation in Europe, with 74% saying they will be ready by deadline day.
  • In comparison, Spanish businesses are a close second to the UK at 73%, dropping to 66% of French respondents. German organisations are the least confident in Europe at 61%.

Businesses worldwide believe there will be a variety of benefits they will gain from being GDPR compliant. Nearly half of all organisations surveyed, at 46%, say the most important benefit from being GDPR compliant is gaining customer trust to handle sensitive data.

31% of businesses believe the most important value from compliance is enhanced brand awareness. 18% of respondents felt that increased customer loyalty is the most important benefit of GDPR compliance.

APAC, North America and Europe businesses believe the biggest positive impact from compliance is increased trust in handling customer data at 53%, 46% and 41% respectively.

European organisations lead the study in saying increased customer loyalty is the biggest impact at 22%, with North America and APAC following at 15% and 14% respectively.

On average, global organisations have so far spent $1,583,000 (£1,145,000) on GDPR compliance. Globally, European businesses have spent the most on average on compliance with Germany leading at $1,969,000 (£1,424,000), followed by the UK with $1,798,000 (£1,300,000), with France completing the top three at $1,781,000 (£1,288,000).

The USA and Singapore top regional spending in North America and APAC, investing $1,568,000 (£1,134,000) and $1,521,000 (£1,100,000) respectively on average. Small and medium businesses have spent on average $1,263,000 (£893,000) so far on compliance, whereas large businesses have spent up to $5 million (£3.5 million) on compliance.

A key element in EU GDPR is for businesses to provide adequate data protection. In response to this regulatory requirement, 38% of global organisations are convinced that better monitoring and analysis of DNS traffic is the best option to provide data protection in their networks, whilst 35% think securing network endpoints is best and only 21% choose to add more firewalls.

EfficientIP says this shows organisations are finally realising, after the various successful data breaches over the last year, that firewall technology is no longer adequate.

APAC, North America and European organisations are confident in DNS monitoring and analysis technology at 40%, 37% and 36% respectively.

Commenting on the study figures, Herve Dhelin, SVP Strategy at EfficientIP, said: “As organisations enter the final straight of GDPR compliance with 100 days to go, our research shows they have never been so close to regulatory compliance. There is still some work to do, but it is encouraging to see nearly three-quarters of businesses are ready and most organisations see monitoring and analysis of DNS traffic, not firewalls nor endpoints, is the best way of preventing data breaches.”

A quarter of UK consumers eye up potential GDPR compensation pay-outs

A survey of 1,000 UK consumers suggests that around half (52 per cent) would make a request if they suspected their personal information was being held without their consent.

According to the data from Macro 4 and MaruUsurv, 39 per cent would consider doing it just because they are curious to see what data companies are holding about them; and 26 per cent would make a request if there was a chance of compensation – which is possible if the rules were not being followed or their privacy was being breached, for example.

17 per cent would make a request in order to ‘get back’ at companies who had given them a negative experience.

In fact, only seven per cent of UK consumers would not be interested in seeing the personal information companies are holding about them, according to the survey.

As such, the research indicates GDPR requests will pose a challenge for organizations, both because personal data now includes so many different types of information and because it is difficult to predict just how many requests to prepare for.

Lynda Kershaw, Marketing Manager at Macro 4, said: “Personal information can be anything that is identifiable to an individual: everything from contact details, date of birth and credit card numbers, to information within emails and social media conversations, letters, bills and policy documents. Much of this is unstructured information held in separate systems controlled by different business departments and cannot be pulled together at the snap of your fingers.

“And things get even more complicated if you’re an online or ecommerce business that tracks people’s online behavior – such as the web pages they visit and ads they click – for marketing purposes. Under the new rules, cookies, IP addresses and other online identifiers all count as personal data. You need to explain exactly how you are using this kind of information, and be able to respond to customer queries about it, too.”

62 per cent of the survey sample said they want stricter rules surrounding data collected about people’s online behavior (sites they visit, ads they click and purchases they make). The GDPR takes account of this by classifying online identifiers such as computer IP addresses as personal information.

Surprisingly, with over six months to go before the GDPR takes effect, the research suggests that 66 per cent of consumers already have some awareness of the regulation. 43 per cent say they want to see bigger fines for companies who are not following data protection rules.

While tough financial penalties are expected for failing to comply with the GDPR, experts believe companies should also be concerned about compensation litigation, which could mimic the activity that has grown around Payment Protection Insurance (PPI) compensation pay-outs.

This supposes that hundreds or thousands of individuals could be brought together by law firms to mount ‘no-win, no-fee’ class actions against organizations who have not adhered to the new data privacy regulation.

Other findings of the Macro 4 research include:

  • 42% of consumers find it difficult to keep track of personal information they have consented to organizations collecting
  • 41% would be more likely to use a company that made it easier to understand what personal information they are holding and how it will be used
  • 31% want companies to provide discounts, special offers and other incentives in exchange for their personal information

For more background on the survey results download Macro 4’s accompanying report ‘The GDPR: what consumers think’ at: http://www.macro4.com/the-gdpr-what-consumers-think.

Mind appoints PSONA to help tackle GDPR issues

Mental health charity Mind has appointed customer engagement agency PSONA to deliver a campaign to ‘educate and empower’ its supporters, assisting them in being able to opt-in to Mind’s communications.

Under the new GDPR directive, pre-ticked boxes to give implied consent will no longer be accepted, forcing charities such as Mind to rethink how they contact donors and potential supporters.

Failure to comply with GDPR rules can bring fines of up to 20 million Euros, or 4% of annual revenue, whichever is higher.

“As the changes around GDPR draw nearer, we wanted an agency with strong credentials and experience to help take us through it,” said Annabel Davis, head of communications and marketing at Mind.

“Mind only exists because of the amazing support of people who donate, fundraise, speak out on mental health, and give up their time to volunteer for us or tell us how to improve,” added Davis.
