Despite GDPR legislation having come into effect over four months ago, the majority of UK businesses in the utilities sector are now risking penalties by failing to adhere to some of the rules.
That’s the finding of a survey of over 1000 British workers in full or part-time employment, carried out by IT company Probrand.co.uk.
It found that the majority (58 per cent) of businesses in the utilities industry failed to wipe the data from IT equipment they disposed of in the two months following GDPR.
And Proband said that the news “is perhaps less surprising” given the research also found that 92 per cent of all UK companies in the utilities sector do not have an official process or protocol for disposing of obsolete IT equipment.
What’s more, 92 per cent of workers in the utilities sector admit that they wouldn’t even know who to approach within their company in order to correctly dispose of old or unusable equipment.
Worryingly, according to the data, utilities ” many of which will have customer addresses and contact information on their systems ” are one of the industries most guilty of this.
The only industries with an even worse record of not clearing the memory of IT equipment before disposal in the months following GDPR were transportation (72 per cent), sales and marketing (62 per cent) and manufacturing (59 per cent).
Matt Royle, marketing director atà‚ Probrand.co.uk,à‚ said: “Given the amount of publicity around GDPR it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance. So, it is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices.
“This is especially startling to see from businesses within the utilities sector, where sensitive customer information including address details and card numbers are handled all the time.”
Royle said that the fines involved in a GDPR breach “can potentially run into the millions ” and what appear to be less tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.
“Given these findings, it is clear that more needs to be done to ensure that all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive.data.”
Putting in place the right security and encryption processes and systems to protect sensitive data, in particular customer data, in line with the GDPR directive, will be discussed at European Utility Week next month. Click here for details.