Here's a facepalm moment for you this morning – a quarter of UK businesses stopped preparing for the GDPR, thinking the regulation won't apply once the UK leaves the EU.
The GDPR, or General Data Protection Regulation, has been ratified by the UK and will come into force on May 2018 – which will almost certainly be before the UK leaves the EU.
Even if the UK leaves before, however, the GDPR will still apply for all companies wanting to do business with the EU.
Crown Records Management has polled IT decision makers in the UK, and came to results which it calls ‘shocking’:
• 24 per cent of firms have cancelled all preparation for the regulation.
• A further four per cent have not even begun preparation.
• 44 per cent think the regulation will not apply to UK business after Brexit
For the Director of Information Management at Crown Records Management, John Culkin, the results are ‘alarming’:
“For so many businesses to be cancelling preparations is a big concern because this regulation is going to affect them all in one way or another. Firstly, it is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens. When you consider how many EU citizens live in the UK it’s hard to imagine many businesses here being unaffected.”
But it’s not all doom and gloom, though. Almost three quarters (70 per cent) of businesses with 100 employees or more have already hired a data protection officer, which is one of GDPR’s requirements. Half have started training staff, and 72 per cent have reviewed data protection policies. Also, almost half (44 per cent) have undertaken an information audit.
Source: IT Pro Portal