With just a year to go, are UK businesses ready for GDPR?

The European Union’s General Data Protection Regulation (GDPR) will come into force exactly a year from now and is expected to extensively reform existing cyber-security and data protection practices.

We take a look at the industry’s view on GDPR and how prepared organisations are for the upcoming legislation.

A recent global survey of 400 CIOs conducted by Vanson Bourne has revealed that as many as 67% of European companies and 88% of U.S. organisations with European customer data have a clear idea of what the GDPR entails. At the same time last year, only 55% of European companies and 73% of U.S. organisations with European customer data had a clear understanding of the legislation. This marks a significant improvement and implies that a clear majority of companies in Europe will be ready for GDPR by the time it arrives.

However, general awareness of GDPR among consumers is rather disappointing. According to an RSA survey of 2,045 UK consumers, while 76% of consumers have heard of the existing Data Protection Act in force in the UK, only 15% of them are aware of GDPR. This means that a lot of work needs to be done by the government to ensure people are aware of the upcoming data protection regime, which is only a year away from implementation. The bright spot, however, is that one in every four UK consumers has so far boycotted companies that have poor data protection practices in place.

While awareness is not a major issue, European companies have so far performed better than British ones when it comes to preparing themselves for GDPR. Recent Compuware research revealed that fewer than one in five UK businesses have a detailed plan in place that conforms to the rules laid out in the GDPR.

Dr Elizabeth Maxwell, Technical Director for EMEA at Compuware, believes that this is a result of ‘the initial uncertainty over the impact of Brexit on the need to comply.’ This is despite the fact that the government has left no stone unturned to confirm its adherence to the GDPR. Minister of State for Digital and Culture Matt Hancock has emphasized that in order to ensure an uninterrupted flow of data between EU member states and the UK post-Brexit, the GDPR needs to be implemented in full.

It is also believed that many UK businesses are either not conversant with the harsh fines and punishments laid out in the GDPR or are not serious about implementing strict data protection practices, despite the fact that the GDPR is very clear on what companies need to do and what will happen if they don’t follow the rules.

“Organisations can no longer see data breaches as an abstract tech or IT problem; boycotts and penalties are serious business risks and should be a board-level business issue. Make no mistake, there will be businesses that will never fully recover from such a fine if they don’t go out of business entirely. We will all know of the EU General Data Protection Regulation then,” said Rashmi Knowles, Field CTO at RSA.

Among other requirements, GDPR will make it mandatory for companies to conduct data privacy impact assessments to identify risks and mitigations before engaging in high-risk activities; obtain clear affirmative consent from involved parties before initiating data collection activities; identify all personal data and assess how it is stored and for what purpose it is used, in order to prepare for audits; and obtain explicit parental consent for any data collected about minors. Age verification of children before data collection will be a must.

Copyright Lyonsdown Limited 2021
