Fines and loss of customer trust are the consequences if companies ignore the new GDPR directive
Specialist consultancy Tailored Data Solutions has urged company directors to start taking new data compliance more seriously, as implementation of wide sweeping changes is now only weeks away.
The EU General Data Protection Regulation replaces existing data laws on 25th May 2018.
The wake-up call to step up preparations comes as evidence mounts that many organisations in the UK are inadequately prepared. Not least, as the new rules include pressure on companies to tangibly prove they take stringent data privacy and security measures.
According to Tailored Data Solutions’ Mike Lenard, some organisations are still in the dark that the new laws even apply to them.
He said: “At the end of last year I spoke at an Executive Leaders Network about the work needed to meet compliance to the GDPR. There were around 300 people at the event, from a wide range of sectors, including CEOs, data protection officers, company secretaries, lawyers, IT and marketing teams. On speaking to them, I discovered that around 80% of the delegates were not ready to deal with the new legalisation. Perhaps most worrying, there were still pockets of opinion that the GDPR was not their problem.
“Has the situation improved drastically since then? Recent reports suggest quite the opposite.”
According to the latest Global Forensic Data Analytics Survey, only a third of businesses (33%) have their plans in place to comply with the GDPR. It appears that businesses in Europe have embraced it more readily with 60% of those questioned reporting that they have a compliance plan in place. The Big Four firm said more work was needed to be done to improve readiness in other markets.
In Asia-Pacific, only 12% of businesses believe they are ready for GDPR. The Americas (13%) and Africa and the Middle East (27%) also displayed low levels of readiness in the research.
The UK’s lack of preparedness is echoed by research from the Institute of Directors. A survey at the end of 2017 found that a third of directors had not heard of GDPR, while four in 10 were unaware of how it would affect their business.
Lenard added: “This is partly because there is still a lingering misguided view that the new laws don’t apply in Britain. In fact, the GDPR has worldwide impact on any organisation that holds data on EU citizens.
“Ignoring it, or falling short of new data management and control rules, could prove fatal. Noncompliance fines could amount to as much as €20 million or 4% of annual turnover.”
When the GDPR goes live, it will dictate how organisations gather, store, use, encrypt and dispose of data. Its aim is to address a 475% increase in data breaches (between 2015 and 2016) that has badly shaken consumer confidence.
To support organisations to meet GDPR compliance in the coming weeks, Tailored Data Solutions is offering a reduced rate for its GDPR consultancy services. This includes a company visit and a robust set of recommendations to help meet the deadline, opening the door to greater clarity and training to manage data more effectively.