Risking a maximum fine of £500,000 for breaches of data rules
A quarter (24 per cent) of London businesses are not aware of the new General Data Protection Regulation (GDPR) – with only a few months to go before it becomes law, a new survey has found.
The poll of more than 500 businesses commissioned by London Chamber of Commerce and Industry also found that, of those business decision-makers who believe that the GDPR will affect them, just 16 per cent say their business is already prepared for it.
Of the same group, one in five (21 per cent) say their business would like to prepare for the GDPR but needs to find out more about it.
One in three (34 per cent) of the London business community say that the GDPR is not relevant to their business.
Chief Executive of London Chamber of Commerce and Industry said: “Businesses that are already vigilant about their data protection responsibilities are unlikely to be unduly burdened by the new legislation.
“However, we would urge businesses to take this opportunity to review their processes to see if they need to make any changes to be compliant.”
On 25th May the GDPR will replace the Data Protection Act (1998) and introduce tougher fines for breaches.
Crucially for businesses, the GDPR sets out much bigger fines for non-compliance — up to 4 per cent of global annual turnover.
Currently the Information Commissioner’s Office can issue a maximum fine of £500,000 for breaches of data rules.
Commenting on the report, Tony Connor, head of marketing in the EMEA region at managed hosting services and data centres provider Datapipe, said:
“The report issued today suggesting one quarter of London businesses remain unaware of GDPR is a significant cause for concern. GDPR brings in the most sweeping changes to data regulations since the Data Protection Act of 1998, and all businesses which handle personal data, regardless of size, need to be compliant.
“The costs of non-compliance are potentially catastrophic. The Information Commissioner’s Office (ICO) has the ability to enforce fines of up to 4% of turnover, or €20 million, whichever is greater – costs which could single-handedly bankrupt businesses.
“Take, for example, Carphone Warehouse, which was fined £400,000 this month in the wake of a data breach from 2015. If this ruling had occurred just a few months later, after the implementation of GDPR, then the company could have been fined £389.5m – 4 per cent of its annual turnover, based on global turnover that year of £9.738bn.
“GDPR will impact all business units, from marketing, to sales, to IT: the compliance requirements that arrive with these sweeping new data protection rules should not be underestimated. Understanding data responsibilities, as well as the nature and location of data, is key. All businesses need to be paying much closer attention to the security of their IT infrastructure and, fortunately for those businesses unaware of GDPR, it is not too late to implement changes and become compliant with the imminent regulations.”