Many IT pros are still not sure what the EU GDPR means to them

Many IT professionals are still unaware of what the EU GDPR means to their organisation with 20 percent being oblivious to the possibility that a data breach could lead to fines of up to €30m (£23m) or four percent of annual turnover.

iStorage carried out a survey that gathered insight from a wide range of IT pros during InfoSecurity Europe 2016 in London. The research revealed that 28 percent of respondents don't know that a data breach should be reported within 72 hours under the new regulation, which is taking effect in May 2018.

A quarter (25 percent) were not aware that personal data must be encrypted to comply with the new regulation. A further 60 percent of respondents didn't know that a Data Protection Officer (DPO), required within certain businesses, was not required for organisations having fewer than 250 employees.

“It is important to get the message out there that GDPR is very much on the horizon and it is applicable to all organisations,” said John Michael, CEO of iStorage.

“All businesses will have to ensure personal information is protected by adequate security, therefore preventing any data breaches which can lead to hefty fines. Many security breaches occur from the theft or loss of portable storage devices; businesses should ensure that all portable media devices containing personal information are robustly encrypted to the highest standard,” he said.