The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. However, a survey has found that 93% of organisations are still not fully compliant. With penalties of up to €20 million or 4% of annual global turnover (whichever is higher) possible for the most serious breaches, the survey highlights that organisations need to act quickly.
The GDPR gives people in the EU greater control over the way in which organisations store and process their personal data. The rules can apply to any organisation, wherever it is based, that handles the personal data of individuals in the EU.
In the months leading up to the GDPR entering into force, business analytics specialist SAS carried out a survey of 183 individuals across a range of sectors to find out their level of preparedness. The respondents all had a role in their organisation's GDPR planning, and the survey included representatives from global businesses.
The key findings were that while just 7% of those surveyed considered their organisation 'fully GDPR compliant', 58% of organisations had a plan in place and a further 35% expected to have one in time for the 25 May deadline. Over half of respondents from EU-based organisations expected their organisation to be compliant by the time the rules take effect.
Additionally, over 90% of respondents expect the GDPR to improve their data governance and nearly 70% expect the new rules to have a positive impact on customers’ trust.
The survey also flags up some key challenges the GDPR presents. Three-quarters of respondents said the rules will affect their organisation's IT operations, and nearly two-thirds said it would 'significantly' change the way in which their company conducts business. Other issues raised included difficulty in identifying where personal data is held and skills gaps with regard to GDPR compliance.
For UK organisations worried about the fast-approaching deadline, it's worth noting that many of the principles underpinning the GDPR mirror those set out in the Data Protection Act 1998 (which the GDPR supersedes). However, there are some significant changes. One important provision is that failure to notify the supervisory authority of a personal data breach (within 72 hours of becoming aware of it, where required) can attract a fine of up to €10 million or 2% of annual global turnover, whichever is higher, in addition to the Information Commissioner's Office's existing enforcement powers.
One of the key messages is that many organisations will need to adapt existing procedures or develop new ones to deal with the new transparency and individuals’ rights provisions. The GDPR sets a high standard for consent and puts greater emphasis on organisations’ accountability, so governance and effective data protection management will be crucial.
While the headline finding of the SAS survey may suggest that organisations are slow to achieve full GDPR compliance, it also shows that almost all the organisations in the sample are well aware of the new rules and are working to comply.
If your organisation is struggling to meet the 25 May deadline, it's a good idea to identify which areas of the GDPR are relevant to it. For example, there are provisions relating to cross-border data processing that may not apply to all organisations. It's also important to ensure that all staff who handle customer data at any level are aware of the forthcoming changes and how their responsibilities might change.
The ICO has plenty of information on GDPR preparation and compliance available on its website.