It's now less than nine months until the General Data Protection Regulation (GDPR) storms into our lives.
The fresh set of rules, which come into force on 25 May next year, will completely disrupt the way businesses manage data, forcing some companies to drastically overhaul their processes.
Ready, set, go
The clock is ticking and many businesses are clearly unprepared. In fact, research from law firm Collyer Bristow, published last week, found that 55 per cent of small businesses in the UK are still unfamiliar with the regulation.
What’s more worrying is that 18 per cent of small businesses would be at risk of insolvency if they were hit by the new maximum fine for not complying – a sobering statistic when you consider the impact this could have on an entire organisation and its staff.
Peter Alderson, managing director of business finance provider LDF, says: “GDPR has been on our radar as a business for some considerable time, and it’s come into increasing focus.
“While we have made continued efforts to stay close to the regulation changes and prepare our business for such a broad change, the clear and present issue remains the lack of apparent clarity around this subject, and that has to be a worry for a great number of businesses currently.”
Previously, fines for breaching data protection rules were set at a maximum of £500,000.
But companies that fall foul of GDPR will be subject to fines of up to €20m or four per cent of worldwide turnover, whichever is higher. So even for the big players, this new penalty is no walk in the park.
GDPR will apply to all firms that handle customer data, meaning no sector is immune. But Collyer Bristow’s research suggests some sectors are less familiar than others, with the real estate and construction sectors faring the worst.
On the horizon
The GDPR deadline might seem like a while away yet, but companies are being urged to take action now.
However, it’s apparent that some business owners are putting it off, partly due to the cost and resources needed. But delays are also happening because of uncertainty over how rules will be enforced, while some companies are unsure about how to incorporate the rules into their businesses.
Despite the uncertainty, Alderson says businesses need to have a firm plan in place for GDPR.
“While there’s no clear ruling on the requirements yet, there are things that businesses can start to address now to lessen the impact,” he says. The LDF boss points out, for example, that companies could start speaking to data providers on their plans for compliance, analysing their system capability, or appointing someone internally who will manage the change and adopt a stance on how this will be executed.
“With such a narrow window, it will pay to be prepared,” he adds.
The EU dilemma
There’s also confusion around how the rules will differ between the 27 countries in the European Union (yes, the UK is still expected to comply with GDPR, despite being embroiled in Brexit negotiations).
So we should be worried that so many companies are unfamiliar with the rules, but perhaps the government and the regulators need to do more to help businesses navigate the minefield.