Businesses grossly unprepared for GDPR, survey reveals

A survey of 480 employees from companies across various industries has shown that a quarter of businesses put no effort into protecting data on USB drives. Staggeringly 20 percent of companies have no plans to do more to ensure data security despite the fact that new regulations, and potential hefty fines, come into effect in May 2018. The survey has also revealed an over-reliance on unencrypted USBs, along with a surprising amount of negligence on behalf of USB users.

The survey by Kingston Technology shows that more than 4 out of 5 USB drives used by employees across the UK do not use hardware-based encryption.  Despite the fines of up to €20 million or 4% of global annual turnover for the preceding financial year,

27 percent of these drives used to store professional and confidential data adopt no security measures at all.

The survey shows that encryption is not the only risk associated with USB drives, with 38 percent of employees admitting that USBs had gone missing or were stolen. Of those missing drives, around 7 in 10 employees were “not sure” what had happened to them.

With companies so reliant on USB drives – 60 percent of those surveyed said that their company had over 5 USBs in use, with nearly a third of individual employees also admitting to currently using over 5 drives in the workplace – the need for better education surrounding their use is clear.

Ann Keefe, Regional Director UK & Ireland at Kingston Technology, says: “The onus is on companies to make sure all employees are aware of the dangers of not fully protecting USB data. Just one lost or stolen drive is putting a company’s data at risk and could prove a costly mistake, so it is important to educate and train employees on USB data security.

“Employees should also be encouraged to use hardware-based encrypted drives in order to provide a vital extra layer of protection against data leaks. Remote management of that data helps to safeguard the company from any drive that might be lost inadvertently, giving employees and companies peace of mind that their data is secure.”


GDPR Summit London is a dedicated event which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.

Further information and conference details are available at http://www.gdprsummit.london/