Chief Commercial Officer
6 February 2018
Is there a rude awakening on the horizon for UK businesses?
According to a recent government-sponsored survey, fewer than half of UK businesses and charities are aware of the forthcoming EU General Data Protection Regulation (GDPR), which will be implemented in UK law through the Data Protection Bill on May 25th, 2018.
Given that the law was debated for four years before being approved by the EU Parliament in April 2016, this is a somewhat surprising statistic. And with the potential for multi-million-pound fines for non-compliance, are some organisations going to get a nasty wake-up call in the near future?
As might be expected, awareness rates vary from industry to industry, with businesses in finance and insurance at the top, far ahead of the construction and manufacturing sectors. According to the survey, only one in four construction businesses polled said they were aware of the new legislation.
Another surprising finding is that only a little more than one in four organisations that know about GDPR have actually made any changes to their operations. Of course, the regulation will affect some types of organisation much more than others (particularly those that deal with large numbers of consumers), but even so this sounds like a very low figure.
Are some organisations potentially relying too much on the “legitimate interest” clause and assuming that they don’t need to take action?
Boosting cybersecurity to address compliance
One interesting finding is that awareness of GDPR is higher among businesses in which senior managers rate cybersecurity as a “fairly high” or “very high” priority. Among those making operational changes in response to the legislation, just under half of businesses, and just over one-third of charities, have updated their cybersecurity practices.
While the GDPR is not prescriptive on the technology front, many organisations have correctly noted that boosting cybersecurity can nip many data-protection concerns in the bud. Another potential quick win (and a way to buy time to make deeper changes) is full encryption.
Whether you’re feeling smug about being in the minority of UK organisations that understand GDPR, or worried about achieving compliance come May 25th, Northdoor can offer practical advice and technology solutions that simplify the process of addressing GDPR.
If you would like more information on how Northdoor can assist you, please do get in touch with me.