The results of a recent survey carried out by the UK Government suggest that the country’s business sector is not ready for the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018.
The most worrying aspect of the results is that just 38% of business and groups questioned were actually aware of the introduction of GDPR and the consequences. Although, the number massively surged, to 80%, for larger business and firms, with more than 250 workers.
Despite this, that still means that 20% of large businesses and groups in the United Kingdom are putting themselves in danger of receiving fines of up to 20 million euros, or 4% of annual turnover, whichever is larger, if they are found to be non-compliant with GDPR legislation. Smaller companies could be massively affected by even small penalties, and they are less well-informed; only 49% of small companies and 31% of micro businesses said that they were knowledgeable of GDPR.
What about those those are aware?
The results are no better when you look at businesses and groups that said they are aware of GDPR. Less than 50% of the companies and organisations participating and aware, said that they had made any procedural or security amendments due to GDPR stipulations. Even given the fact that the present Data Protection Act is established, it seems that reforms brought about by GDPR, such as the right to data portability and alterations to the System Access Request (SAR) process, would require some procedural change.
It is difficult to ascertain why United Kingdom companies and organisations seem to be so ill-prepared for the coming introduction of GDPR. It could be that Brexit has made them think that it is less important to be knowledgeable of the implications, or adhere with them. This is not the case as the United Kingdom is still a member of the EU currently.
Even when it departs the EU, any company or organisation processing the personal data of EU citizens will still be expected to adhere, and it is predicted that GDPR stipulations will remain within UK legislation.