Businesses not ready for GDPR, survey reveals
Many businesses will not be ready for far-reaching data protection rules that come into force one year from today (25 May), according to a new survey.
Marketing trade association the DMA claims that nearly half of UK businesses do not expect to be ready for the General Data Protection Regulation, and a further quarter have yet even to start a GDPR plan.
The EU regulation, which will come directly into force in the UK before Brexit takes effect, will replace the Data Protection Act and restate the existing data protection principles. It widens the list of rights that a data subject can exercise, and introduces a "right to be forgotten". Data controllers will have to keep records of data they process, and will have to report data breaches. Fines for breaching the rules will be substantially increased.
Just over half (54%) of businesses say they are on course or ahead of their plans to be ready for GDPR by 26 May 2018, down from 68% in February, with a further quarter of companies (24%) yet to even start a GDPR plan.
In addition, specific GDPR guidance for business, released by the Information Commissioner's Office and others, may have caused more concern than assistance. The DMA’s CEO, Chris Combemale said the guidance had the potential to penalise organisations that took action, perhaps in consultation with the ICO, at an earlier date.
"Recent announcements and guidance from the ICO have caused much concern, that the interpretation of the laws is overly strict, penalising the companies most committed to best practice, honesty and transparency", he commented. "What the industry needs is balanced and fair guidance from the ICO and Article 28 Working Party. With just 12 months to prepare we need this guidance urgently if we’re expected to be ready in time.”
He added: “As Britain’s role in the world changes, we must look at a global approach to free trade with free movement of data at its heart and the UK at the centre. Britain, as the leading digital economy, is well placed to be this global centre of innovation, skills and competencies driving global economic growth. But we need clear guidance from regulators or risk the consequences come 26 May 2018.”
Click here for an article describing the GDPR.