73% of UK businesses unprepared for the GDPR

Research published by the UK’s first fully compliant GDPR job board, CareersinCyberSecurity.co.uk, and London law firm Hamlins LLP, revealed that hundreds of thousands of UK businesses are potentially at risk of huge fines for non-compliance of the GDPR. The research surveyed 207 business owners, directors and senior management in the UK between April and May 2017.

Findings included:

  • More than two thirds of those surveyed are aware of the upcoming Regulation and when it will come into force.
  • 73% (seven in ten businesses) have not allocated any budget to facilitate compliance.
  • 53% have not appointed a Data Protection Officer (DPO).
  • 15% believed that Brexit would preclude UK businesses from having to comply.
  • 12% said that they did not have the funds to comply.
  • 11% did not consider there to be a business risk.
  • 10% did not want to get caught up in red tape.

In addition, some businesses believed that their size removed the requirement to comply. When the GDPR comes into force on 25 May 2018, a number of key changes will impact organisations regardless of their size or turnover, and failure to comply could lead to fines of up to 4% of annual global turnover or €20 million – whichever is greater.

Simon Wright, operations director, CareersinCyberSecurity.co.uk, said:

“Whilst some businesses will be exempt from appointing a Data Protection Officer, there are hundreds of thousands of businesses currently exposed because they do not have the right calibre of staff to deal with data protection law and practices and ensure they can honour all the obligations under the GDPR.

“Experts in the data protection field, could find themselves in high demand and in some circumstances in a good position to name their price, as there is currently an estimated shortfall of 7,000 DPOs in the UK alone.”

Matthew Pryke, a partner at Hamlins who regularly conducts data protection audits for SMEs, said:

“Despite awareness about the GDPR, too many businesses are complacent and think because of their size or nature of business they are somehow exempt from having to comply.

“Regardless of Brexit, this regulation – even with the words EU fronting the name – will still apply for all businesses operating in the UK.

“Those who leave it to chance and don’t prepare now, could be left high and dry if the Information Commissioner’s Office finds businesses breach regulations.”

A key component of any organisation’s GDPR compliance framework is staff awareness and education. With the Regulation stipulating significant fines for non-compliance, it is essential that your staff have an understanding of the new Regulation’s requirements. However, as businesses rush to meet the compliance deadlines, staff awareness could potentially be overlooked or forgotten.

Are your staff aware of the GDPR?

The GDPR Staff Awareness E-learning Course is a quick, affordable and effective means of delivering training to multiple learners. The course is suitable for all employees whose job involves processing and storing personal data and also for non-technical staff. Help ensure your organisation is fully GDPR-compliant by enrolling your staff onto the GDPR Staff Awareness E-learning course.

Find out more >>