C-level executives unaware of GDPR penalty implications, says Trend Micro

A new study published by Trend Micro has revealed some worrying signs about C-level executive awareness of GDPR penalty implications. A staggering 66% of respondents to the survey appear to be dismissive about the scale of fines that corporations will receive in the event of non-compliance.

Trend Micro conducted a comprehensive analysis of the current state of GDPR awareness across multiple industries. The survey gathered responses from 1,132 interviews with IT decision makers from businesses with more than 500 employees in the United States, the United Kingdom, France, Italy, Spain, the Netherlands, Germany, Poland, Sweden, Austria and Switzerland.

According to the survey findings, only 33% of the respondents fully grasp the size and scale of potential fines that could result from non-compliance with the new EU regulation. 66% of the businesses that responded to the survey considered that reputation and brand loyalty damage would be the biggest problem in the event of a breach of the new regulation. These results reveal that there is a genuine lack of awareness of the size of potential non-compliance penalties that will eventually be handed out by the EU authorities. The reality is that businesses found to be in breach of the new rules could face fines of up to 20 million euros or 4% of the global annual revenues of their business activities.

Trend Micro also uncovered another worrying perception in the market as to who is held accountable for the loss of EU data by a US service provider. Only 14% of respondents could correctly identify that the loss of data is the responsibility of both parties. 51% of respondents wrongly believe that the fine goes to the EU data owner, while 24% believe that the US service provider is actually at fault.

Commenting on the survey results, Rik Ferguson, a VP of security research at Trend Micro, stated that investing in state-of-the-art equipment and employing data protection policies should be seen as a wise business practice and not just an operational burden.