Over a year into the revised GDPR and Data Protection legislation, it seems that a third of Europe’s businesses may still not be compliant with the updated laws. According to a survey of European middle-market businesses across 34 countries, 30% of them acknowledge that they are still not compliant with GDPR.
Indeed, we have seen evidence (and had feedback from our own clients) suggesting that many small and medium UK businesses now perceive that GDPR has ‘been and gone’ and is no longer a priority in their business environment, given that the potential effect of Brexit on their business is currently dominating thinking and planning.
This is despite the damage that rising fines and harmful publicity could inflict on their hard-earned business reputations if they get it wrong.
The survey, which was conducted on behalf of the RSM Group, revealed that only 57% of businesses were confident they are compliant with the changed legislation. A further 13% responded that they were unsure either way.
It reveals that many businesses still do not understand when consent is required to hold and process data, while a third are unsure how they should monitor their employees’ use of personal data and 34% don’t understand what procedures are required to ensure third-party supplier contracts are compliant.
Encouragingly though, almost two thirds of businesses said that GDPR requirements had stimulated them to examine and improve the way they manage their customer data whilst one third stated they now ran a more operationally effective business as a result.
Following a record £138 million fine for British Airways, the penalties from the Information Commissioner’s Office are starting to intensify, so many businesses will need to sit up and overcome any previous GDPR fatigue or complacency.
The ICO have often said that, regardless of size, businesses that fail to comply are at risk of hefty fines. If you are concerned your business does not comply, you are not alone.
You can read the full report from RSM here.
We have extensive experience in data protection for businesses and corporations. If you think we may be able to help you, or you’d like to discuss your company’s approach and whether it adequately meets the legal requirements, get in touch: [email protected] or call 01274 562630.