More than half of European companies do not know about legislation planned to unify data protection laws, according to Ipswitch.
The EU General Data Protection Regulation (GDPR) was proposed in 2012 and aims to apply a single set of data protection rules across the European Union (EU) to protect user’s data.
Organisations will be expected to report a breach in 72 hours, and give data owners the right to request a copy of the personal data they hold, and the right to have personal data erased.
The regulation will impose greater fines on organisations that break the law.
Alessandro Porro, vice-president of international sales at Ipswitch, said: “GDPR includes an obligation to protect personal data across the borderless enterprise. IT professionals should review and bolster their data processing policies and practices now, before the regulation comes into effect.”
The proposed regulations are planned to begin at the end of 2014, coming into effect over the next two years.
Ipswitch found over half of employees could not accurately describe what GDPR was, and 52% admitted their firms were not ready for the changes the regulations might bring.
Read more about data protection
When Ipswitch conducted a survey of organisations' awareness of the proposed regulatory changes, only 12% thought they were ready for the changes, while 64% were not sure when the changes to data protection law would take effect.
But many firms are planning to improve the situation in 2015, with 26% saying they will make improving security policies a key focus over the next year.
Of the European companies surveyed, the UK was most likely to store sensitive data in the cloud, but only 7% said they were worried about the safety of personal images stored on devices or elsewhere.