Majority of businesses still unaware of GDPR legislation
Two-thirds of SME owners have no knowledge of General Data Protection Regulation (GDPR) legislation, nor any plans in place to comply, despite its introduction being just a few months away.
Under GDPR legislation, which comes into force in May 2018, all employers will have increased responsibility for handling data within their business.
Ben Mitchell, vice president at DocsCorp Europe, Middle East and Africa, said: "There are a number of important steps that businesses should take before the May 2018 deadline. Firstly, evaluate all internal operations that involve the handling of secure data. Identify any areas that might present the risk of a data breach, and design processes to minimise that risk. Train employees where necessary, and implement smart systems and software to ensure security.
"Finally, understand the processes for reporting any breach to the proper [European Union] authorities, because failure to report may escalate sanctions, penalties and fines, which can be up to €20,000,000, or 4% of [the] organisation's global turnover, whichever is higher."
Patrick Wheeler, partner and head of intellectual property and data protection at Collyer Bristow, comments, "A lot of businesses - particularly SMEs - in the UK still have a long way to go to be GDPR-compliant by May, and the clock is ticking. This is despite all the recent publicity.
"It cannot be overstated just how far-reaching a change the GDPR will be to the data protection landscape in the UK. It impacts any business that deals with personal data - no matter how small.
"The potentially enormous penalties mean that no business can afford to treat its data protection policies and procedures as a low priority.
"With nearly one in five businesses saying they would be at risk of going insolvent if they had to pay the maximum penalty, data regulation compliance can potentially have wide-reaching consequences for the whole firm.
"The good news is that businesses still have time to get their data protection in order, so long as they act quickly. A business that starts working on this today can be a compliant business on day one of the GDPR."
What next?
In the UK, the Information Commissioner's Office (ICO) is the independent authority set up to "uphold information rights in the public interest" and ensure that organisations handle and protect data properly.
The ICO has produced a checklist tailored specifically for small businesses. It is available to download and walks you through the process, step by step. From deciding whether you really need the information you're collecting to ensuring customers are aware they're being recorded by CCTV, the checklist helps you assess how your business is currently collecting and protecting data and where improvements need to be made.