Almost a quarter of UK firms have given up preparing for the EU General Data Protection Regulation (GDPR) in the mistaken belief it will not apply after Britain leaves the EU, according to research.
While 24% have cancelled their plans, almost half of those surveyed by Crown Records Management don’t believe the legislation will apply to UK organisations after Brexit.
GDPR will harmonise data protection law across the EU, and is scheduled to come into force in the UK on 25 May 2018. The legislation will introduce much tougher fines, up to €20 million or 4% of annual turnover, for breaches of the law.
John Culkin, director of information management at Crown Records Management, said: “Firstly, [GDPR] is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory, it will still apply to all businesses that handle the personal information of European citizens. When you consider how many EU citizens live in the UK, it’s hard to imagine many businesses here being unaffected.”
Of those that have made preparations, 70% have appointed a data protection officer as required by the legislation, and half have already implemented staff training. Some 72% have reviewed their data protection policies, and 44% have carried out an information audit.
Additionally, separate research by law firm Irwin Mitchell found just 34% of marketing and advertising businesses are aware of the GDPR.
Even more perturbing are the findings from a recent DMA report, which revealed only 54% of organisations feel they’re on course to comply with the GDPR when it comes into play next year.