News » GDPR? Was that *next* May? 2017-05-30

Article Taken from TheRegister

UK businesses are risking damaging fines by ignoring the implications of upcoming data protection rules, according to a new survey.

A poll of 2,000 businesses by YouGov exposed a significant lack of awareness and urgency among many businesses concerning the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. Only three in every 10 (29 per cent) have started preparing for the new data governance rules.

The majority of British businesses are unaware of the new wide-ranging data protection rules, despite 18 per cent admitting the maximum fine for non-compliance would force them out of business and 21 per cent saying it would lead to large-scale redundancies.

GDPR – which will replace existing data protection laws – represents the biggest change in 25 years to how businesses process personal information, according to law firm Irwin Mitchell.

Under the new rules, the maximum fine for data breaches in the UK will rise from £500,000 to €20m or 4 per cent of global turnover, whichever is larger. Despite this severe sanction that affects virtually all businesses, only 38 per cent of those quizzed said they were aware of the rules and 71 per cent are unaware of the new fines.

Joanne Bone, partner and data protection expert at Irwin Mitchell, the firm that commissioned the survey, said: “These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that the majority of organisations will not be compliant in time.”

Notification of certain data breaches where there is an impact on privacy, such as a customer database being hacked, must be made to regulators with 72 hours under GDPR. Only one quarter (26 per cent) of businesses expressed confidence that they would be able to detect a data breach within their organisation.

To read the original article click here, link opens in a new window