With just a year to go, are UK businesses ready for GDPR?

The European Union’s General Data Protection Regulation (GDPR) will come into force exactly a year from now and is expected to extensively reform existing cyber-security and data protection practices.

We take a look at the industry's view on GDPR and how prepared organisations are for the upcoming legislation.

A recent global survey of 400 CIOs conducted by Vanson Bourne has revealed that as many as 67% of European companies and 88% of U.S. organisations with European customer data have a clear idea of what the GDPR entails. At the same time last year, only 55% of European companies and 73% of U.S. organisations with European customer data had a clear understanding of the legislation. This marks a significant improvement and implies that a clear majority of companies in Europe will be ready for GDPR by the time it arrives.

However, general awareness of GDPR among consumers is rather disappointing. According to an RSA survey of 2,045 UK consumers, while 76% have heard of the existing Data Protection Act in force in the UK, only 15% are aware of GDPR. This means that a lot of work needs to be done by the government to ensure people are aware of the upcoming data protection regime, which is only a year away from implementation. The bright spot, however, is that one in every four UK consumers has so far boycotted companies that have poor data protection practices in place.

While awareness among businesses is not a major issue, European companies have so far performed better than British ones when it comes to preparing themselves for GDPR. Recent Compuware research revealed that fewer than one in five UK businesses have a detailed plan in place which conforms to the rules laid out in the GDPR.

Dr Elizabeth Maxwell, Technical Director for EMEA at Compuware, believes that this is a result of 'the initial uncertainty over the impact of Brexit on the need to comply.' This is despite the fact that the government has left no stone unturned to confirm its adherence to the GDPR. Minister of State for Digital and Culture Matt Hancock has emphasised that in order to ensure an uninterrupted flow of data between EU member states and the UK post-Brexit, the GDPR needs to be implemented in full.

It is also believed that many UK businesses are either not conversant with the harsh fines and punishments laid out in the GDPR or are not serious about implementing strict data protection practices, despite the fact that the GDPR is very clear on what companies need to do and what will happen if they don't follow the rules.

"Organisations can no longer see data breaches as an abstract tech or IT problem; boycotts and penalties are serious business risks and should be a board-level business issue. Make no mistake, there will be businesses that will never fully recover from such a fine if they don’t go out of business entirely. We will all know of the EU General Data Protection Regulation then," said Rashmi Knowles, Field CTO at RSA.

Among other requirements, GDPR will make it mandatory for companies to conduct data privacy impact assessments to identify risks and mitigations before engaging in high-risk activities; obtain clear affirmative consent from involved parties before initiating data collection activities; identify all personal data and assess how it is stored and for what purpose it is used, in preparation for audits; and obtain explicit parental consent for any data collected about minors. Age verification of children before data collection will be a must.
