Lack of preparation for new EU data protection law putting UK firms at risk

The EU General Data Protection Regulation (GDPR) is a new Europe-wide data protection law that will supersede national laws such as the UK Data Protection Act (DPA). It will affect every organisation that processes the personal data of individuals in the EU (the Regulation's term is ‘personal data’, which is broader than ‘personally identifiable information’, or PII, as the phrase is commonly used) when it becomes enforceable in just two years.

GDPR and Brexit

The Regulation’s reach is determined by whose data is processed (individuals in the EU), not by where the processing takes place or where the organisation collecting the data is based. So, even if the UK votes to leave the EU in June, every UK company that wants to continue doing business with EU customers will still have to comply.

Lack of GDPR preparation

The Regulation has taken around four years to steer a somewhat turbulent course through various debates, discussions and ‘trilogue’ meetings to become law, but despite this rather lengthy legislative process, its ultimate aim has always been clear: organisations must better protect the data they gather, process and store.

Despite this having been clear for so long, corporate preparedness for the new requirements still seems to be poor.

The clock is now running: with the GDPR formally approved, organisations have only two years in which to bring themselves to a state of compliance.

The DPA prescribes fines of up to £500,000: a hit that many businesses can absorb, even if they obviously don’t want to. The GDPR stipulates significantly greater penalties for non-compliance. For the most serious infringements, organisations face fines of up to 4% of total worldwide annual turnover (not profit) or €20 million, whichever is higher; a lower tier of up to 2% of turnover or €10 million applies to other infringements, including failures to secure data or to notify a breach.

In stark terms: a business going bust as a result of a data breach and the ensuing regulatory action is now a very real risk.

EU GDPR audit

The publication of the GDPR in the Official Journal of the European Union today means you have until 25 May 2018 to comply with the Regulation’s requirements, or potentially face heavy penalties. If you haven’t done so already, you need to start your change programmes now.

All organisations should have a clear picture of the personal data they hold, including where it originated, why it is being processed, where it is stored and with whom it may be shared.

Contact IT Governance now for assistance with your EU GDPR audit >>

Certified EU GDPR Foundation training course

And if you need to learn about the GDPR’s requirements, how they’ll affect your organisation, and how you can achieve full compliance with the Regulation, you’ll be interested in our one-day GDPR Foundation training course.

Click for more information on the EU GDPR Foundation training course >>

EU General Data Protection Regulation Documentation Toolkit

Pre-order the EU GDPR Documentation Toolkit and receive all the critical documents your organisation needs to ensure compliance with the new Regulation, including documents covering Data Protection Policy, DPO requirements, Privacy Impact Assessments, Incident Response and Breach Reporting.

Click for more information on the EU GDPR Documentation Toolkit >>

Alternatively, call +44 (0)845 070 1750 today.