Evidence Suggests Looming GDPR Is Still Being Ignored by British Businesses
Latest evidence shows that there remains a lot of confusion about GDPR and its likely impact on British Businesses, including around the role of Brexit. A new sense of urgency is required: the ICO has warned Brexit is no excuse and time is running out.
The European Union’s updated data protection legislation, the GDPR, will strictly regulate the collection, storage and management of EU citizens’ personal data for all firms that deal with it – wherever they are located.
Rights will include greater protection around the right to be forgotten, requirements for organisations to secure express consent for the way personal data is held or used, and new rules around the reporting of data breaches. What’s more, under GDPR, personal data is a very broad term – for example, it includes IP addresses.
Businesses that do not comply will face stiff fines – up to 4% of their global turnover or €20 million, whichever is greater.
British Businesses Are In Denial
GDPR comes into effect in less than a year – on 25th May 2018.
Yet a recent IBM whitepaper found that only 25% of IT leaders questioned fully understood the regulation. 8% had no idea what GDPR was. And 5% wrongly thought GDPR no longer applied to British businesses after Brexit.
It’s a state of affairs that has prompted the Information Commissioner’s Office (ICO) to repeatedly state that Brexit is no excuse: UK businesses must comply.
A New Parity of Protection?
The UK Government announced last week that it will be continuing to bring GDPR rights into UK law post-Brexit, so that UK citizens will continue to have similar rights to EU citizens.
One of the main aims of the bill is to replace the Data Protection Act in a way that ensures the UK’s laws are compliant with the EU’s GDPR.
Bringing equivalent standards into UK law avoids the situation where a UK business holding data on both UK and EU citizens would have to give EU citizens more protection than UK citizens. It will also serve to ensure that data can continue to flow freely across borders after Brexit.
How Should British Businesses Respond?
If they haven’t already, British Businesses must make themselves familiar with the detail of the GDPR.
Although the IBM poll found that 62% of respondents were aware of the regulation, those same respondents also admitted they needed to know more.
Only 27% of the IT leaders polled said their businesses were fully ready.
There is a lot of information about what GDPR is and what it isn’t; bust some myths by reading about it from the perspective of the ICO itself.
The regulation is complex and understanding how it will impact your business operations, processes, data management, and staff training is important – especially with less than ten months to go.
All companies should be planning how they are going to respond to the regulation, ideally through cross-functional compliance teams tasked with understanding and planning for what compliance looks like for their business.
The importance of getting started now cannot be overstated if British businesses are going to be compliant come May 2018.
‘Giving Data Proper Respect’ perhaps starts with a healthy bit of attention to cyber security in general – here’s what the Information Commissioner herself, Elizabeth Denham, has to say on getting your cyber security in order.
Help is at hand: Grant McGregor can offer assistance to businesses that would like a fast-track approach to understanding the implications of GDPR for their business, and to designing and implementing strategies for compliance.
If you do nothing else to get started, then get a solid baseline of security in place in your business by ensuring you comply with the UK Government’s own Cyber Essentials or the audited Cyber Essentials Plus standard.
Grant McGregor can help you achieve this – find out how.
Contact us today on 0808 164 4142.