A little over two years since GDPR took effect and a few days after California began to enforce the CCPA, a study found more than one-third – 37 percent – of U.K. cybersecurity professionals expect the number and monetary amount of fines their employers face for not adequately safeguarding data will increase by 2025 even though more than three-fourths (76 percent) believe their companies’ processes for storing data safely are “good” or “excellent.”

Among the 1,000 queried British IT workers in late April, six percent anticipate a dramatic rise in penalties and only three percent of the respondents foresaw their companies paying less in penalties and not be in hot water with regulators, according to a new study from DSA Connect.

Five percent admitted their data disposal processes are “poor,” and a fifth of them said they didn’t know whether the information is being handled safely.

Almost half (47 percent) didn’t know whether a data-sanitization policy was in place, while 38 percent they had one and 14 percent didn’t.

Nearly a third (30 percent) said that over the past 12 months they’ve worked with more data, while 57 percent there hasn’t been a change and seven percent reported the level has fallen.  

“Employers need to invest more time and resources in enhancing their [data disposal] strategies,” said DSA Connect Chairman Harry Benham, citing a rise in the number of cyberattacks and ever more stringent legislation around protecting client data and how they use it.