Survey reveals breaches
Lawyers among firms failing to apply GDPR rules
New rules on protecting data were introduced in May
Law firms are among professional services firms risking penalties by failing to adhere to some of the new GDPR rules on privacy.
According to a survey of 1,002 UK workers in full or part-time employment 30% of professional services businesses had not wiped the data from IT equipment they disposed of in the two months following GDPR’s introduction in May.
The workers surveyed were from a wide range of professional services including law and accountancy firms.
The research also found that 81% of all UK professional services businesses do not have an official process or protocol for disposing of obsolete IT equipment.
Furthermore, 48% of professional services workers admit they wouldn’t even know who to approach within their company in order to correctly dispose of old or unusable equipment.
According to the research carried out by Probrand.co.uk the top 5 industries most guilty of not clearing the memory of IT equipment before disposal in the months following GDPR were transportation (72%), sales and marketing (62%), manufacturing (59%), utilities (58%) and retail (57%).
Matt Royle, marketing director at the company, said: “Given the amount of publicity around GDPR it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance.
“So, it is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices.
“This is especially startling to see from businesses within the professional services sector, where sensitive customer information is handled all the time.
“The fines involved in a GDPR breach can potentially run into the millions – and what appear to be less tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.
“Given these findings, it is clear that more needs to be done to ensure that all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive data.