A recent report from Collyer Bristow*, one of London’s leading law firms, found that 55% of organisations with over 250 staff are unaware of GDPR.
Based on the 2017 company figures from the Office of National Statistics (ONS), there are 2.69 million PAYE and VAT registered businesses in the UK. About 50,000 of those have more than 250 staff. By extrapolating the results of the survey, we could estimate that 1.4 million of these businesses are unaware of GDPR. The General Data Protection Regulation is one of the most significant pieces of new legislation on the statute books.
What will happen?
After the effective date of 25 May 2018, we will see heightened attention, such as:
- consumers will be more aware of their rights and will exercise them
- poorly managed breaches of information security will come under considerable scrutiny
- websites, forms and contracts may not carry their previous legal weight and could even be illegal
- companies that have worked hard to comply will not hesitate to report others who haven’t bothered
- organisations working to comply will be asking anyone processing personal data for them for evidence of compliance
Of course, on that date, there are no automatic fines. Organisations of all types need to realise that having no plan to become compliant and taking no action will not be a defensible position. The Information Commissioner’s Office has said that applying the potentially business-ending fines is a final measure. However, they won’t look kindly on those that have not even tried.
Get your action plan on the go by completing an assessment using the Gydeline on-line software, which will not only get you on the road to compliance but will also help you keep up with the emerging guidance and best practice as it develops.
* The Collyer Bristow survey of 460 decision makers in SME businesses – no longer available to download