GDPR may have been in force for well over a year now, but UK staff have yet to change the way they handle sensitive data, with a third (34%) admitting they are still not taking the new regulation seriously even though the vast majority (84%) concede they know about compliance and their responsibilities.
That is the stark conclusion of a new report from ObserveIT, which quizzed 1,000 full-time UK employees, and reveals that, despite the indifference of staff, companies are at least taking GDPR seriously.
According to the study, 83% confirm their bosses have adopted new security policies in the past year.
But one reason for the lackadaisical approach of employees, the report says, is that more than a quarter of the respondents believe they do not actually handle sensitive data at all, while a fifth (22%) believe their information is safer with third-parties.
Finally, half of organisations have recognised that they need a mix of technology, security training and usage policies to make sure their network stays uncompromised.
ObserveIT chief executive Mike McKee said: “Privacy regulations aren’t going away any time soon. In fact, over the next several years, we’ll likely see more regional policies go into effect as consumers demand more transparency around how their information is being used."