A new survey has revealed that a huge number of companies in the East Midlands are not prepared for the significant data protection regulation changes which come into effect next year.
In a survey, commissioned by law firm Irwin Mitchell, 71% of the 2000 businesses questioned said they have not started preparing for GDPR.
The General Data Protection Regulation comes into effect in May 2018 and will mean significant changes to the ways in which businesses can gather and store a person’s personal information. The regulation was passed last year with a two-year preparation period being given for businesses to get ready. However, this new survey highlighted that only 3 in every 10 East Midlands businesses have started to make their preparations.
GDPR brings in a number of wide-ranging changes to data protection. Amongst them are the right for a person to be forgotten and the need to have explicit consent before personal data is stored.
The fines for not complying with GDPR are really significant, and should be the main driver for all businesses to get prepared now. If you are found not to be in compliance of GDPR when it launches in 2018 you could be fined the maximum penalty of either £20 million or 4% of your businesses turnover from the previous year – whatever is higher. It’s a sum of money which is likely to fold many businesses if found guilty of a breach.
However, some have pointed out that this widespread lack of action offers a potential opportunity for some businesses to differentiate themselves from their competitors by kickstarting their preparations.
As quoted by the East Midlands Business Link, Stuart Padgham, partner & National Head of Commercial at Irwin Mitchell said: “It is important to recognise that taking a proactive approach towards GDPR compliance will potentially reap financial benefits. Good data governance can build customer trust and the right permissions can also help businesses take advantage of the Big Data Revolution and enable them to commercialise their data for competitive advantage.”
More information about GDPR can be found on the Information Commissioner’s Office website.