With just six months to go until the new EU General Data Protection Regulation (GDPR) introduces sweeping new requirements for companies handling personal data, more than 30% of UK businesses have done nothing to meet the new rules and almost a third have never even heard of it, new research shows.
GDPR—which comes into force on 25 May 2018—provides a string of new rights for EU citizens and imposes a host of new responsibilities on any company with customers or employees in Europe in terms of collecting, storing, managing and using personal data.
The new research by learning provider Litmos Heroes found that, despite the threat of “eye-watering” fines of up to 4% of annual worldwide turnover or €20m (whichever is greater) for companies found in breach, 10% of UK companies aren’t planning on doing anything about the regulation.
The study of more than 500 UK business leaders and decision-makers also found that 60% of businesses haven’t formed a plan to make sure all staff who handle data are aware of GDPR, while nine out of ten admitted that if the regulation were introduced tomorrow, they wouldn’t be ready.
It also found that 6% of businesses don’t comply with current data protection laws, and 10% are fully aware that their own online safeguards are not sufficient to protect customers from cyber-crime.
Tom Moore, managing director of Litmos Heroes, said that now was the time for businesses to act. “This study has painted a really interesting—and slightly concerning—picture of how seriously some UK businesses are taking GDPR.
“Make no mistake, the new regulation is coming, and if you handle the data of any EU citizen—Brexit or no Brexit—it will apply to your business.”