Nearly a third (30%) of UK business leaders have never heard of the GDPR, although those that are aware of the new regulation seem to be progressing well on compliance, according to new research from the Institute of Directors (IoD).
The study of nearly 900 IoD members also revealed that 40% didn’t know if the GDPR would affect their business, which is concerning considering the new data protection law will touch almost every public and private sector organization in Europe and beyond.
Half of those surveyed said they haven’t yet discussed GDPR compliance arrangements with partners or vendors with whom they share data, a potentially serious oversight given that third parties are often an organization’s weakest link when it comes to data protection.
However, of those that understand the regulation, two-thirds (66%) said they are either “very” or “somewhat” confident they fully understand how it will affect the running of their business.
Plus, 86% claimed they are “very” or “somewhat” confident of being fully compliant by the May 25 2018 deadline.
IoD head of external affairs, Jamie Kerr, claimed firms have clearly not got the message on GDPR compliance despite the potentially huge cost of non-compliance: fines of up to £17m or 4% of global annual turnover, whichever is higher.
He urged the government and ICO to step up outreach efforts and simplify the message on how to comply.
“It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months,” he added.
“GDPR also comes hot on the heels of a number of big regulatory shifts for business over the past few years. We should also not forget the potential of extensive preparations that will be needed as we depart from the EU. Taken altogether, it’s not the easiest time to do business in the UK.”
Phil Becket, managing director of IT forensics firm Alvarez & Marsal, argued that being able to prepare for and detect cyber-attacks will be key to staying compliant with the GDPR.
“Complacency is no longer an excuse for firms; they need to know what they’re doing with consumer data, or face the consequences. Hackers are persistent and creative, and more often than not they are able to get into systems with ease – just look at the recent breaches seen in the news,” he added.
“Combined with stricter rules and harsher punishments for lax security, firms need to be on the front foot and ignorance is certainly not the right approach.”