Are you prepared for GDPR? You should be…
A new survey of 2,000 UK businesses has revealed that two-thirds aren't ready for the general data protection regulation coming into force next May
A staggering 62% of UK businesses have admitted they don’t understand the new general data protection regulation (GDPR) that comes into force next May, according to a report by Reckon.
The survey of 1,863 business owners, carried out by YouGov, has revealed that just 6% of respondents believe they have a good understanding of the new pan-European regulations – which will affect every enterprise that has over 250 members of staff.
Designed to ensure businesses hold and handle consumer data safely, securely and responsibly, all businesses who operate in the data management business, regardless of size, will have to comply with at least some of the regulations.
The requirements stipulated in the new legislation range from stricter rules around securing consent for the use of personal information to, in some cases, the introduction of a designated data protection officer within the workplace.
There are substantial fines for businesses that misuse data or that cannot provide evidence of permission to use a person’s data for a specific purpose – while fines for failing to adhere to GDPR itself reaching up to 4% of a business’s global turnover.
The term ‘personal data’ will also expand to include details like IP addresses and any data stored in cookies.
What should I do as a business owner to prepare for GDPR?
- Consider whether your new obligations as a data processor and review privacy notices and policies to check they are GDPR compliant
- Prepare or update your data security breach plan
- Appoint a data protection officer
- Audit consents to check the data you hold is lawfully processed
- Set up an accountability framework to monitor data security procedures
- Audit international transfers to check you have a lawful basis to transfer data abroad
An important note for businesses owners, it’s highly likely that the UK’s eventual exit from the EU will not change or remove the legislation in any way – with GDPR set to become UK law in 2018.
Mark Woolley, commercial director for Reckon Software’s virtual cabinet, said:
“It’s slightly concerning to see that most small businessees here in the UK don’t understand GDPR and how it will affect their business, despite it becoming UK law in less than a year’s time.
“It’s especially worrying as so much of our business is now managed digitally, placing digital security at the forefront of what we do whether we realise it or not.
“Failure to comply with GDPR can result in fines or punishment. In extreme cases, businesses could see themselves facing a fine that equals between two and four per cent of their global revenue – a sum of money no business wants to part with when simple steps could’ve meant that it didn’t need to happen.
“I’d urge small businesses decision makers to seek the necessary advice to ensure their business is ready, and wherever appropriate, check that the software they’re using makes complying with these rules easy to understand and simple to conduct.”