A survey of business leaders has revealed that there are still a worrying number of companies across the UK that are not aware of the costs, complexities and responsibilities associated with the new GDPR rules. The survey of almost 900 members of the Institute of Directors, carried out between July and August, shows that nearly a third of company directors have not heard of GDPR, while 4 in 10 don’t know if their company will be affected by the new regulations.
There appears to be a stark contrast between insufficient levels of general awareness on the one hand, and the reasonable preparedness of companies that do know about the new rules on the other. Two-thirds of businesses that are aware of GDPR were either very or somewhat confident that they fully understand how it will affect the running of their business.
The new rules will redefine the way companies handle data and will include tougher punishments for those who fail to comply. Under current regulations, there is a maximum charge of £500,000 or 1 percent of annual turnover, but this is set to be replaced with a fine of up to €20 million or 4 percent of annual worldwide turnover. When asked whether they would be fully compliant with the regulations by the May 2018 deadline, 86 percent of businesses said they were either very or somewhat confident of being so.
The survey also revealed that half of directors had not discussed their own GDPR compliance arrangements with partners or vendors with whom they share data. Business leaders affected by GDPR said they were most likely to seek advice from external private advisors (IT consultants and legal firms), while many also said they would visit the government website or get in touch with the Information Commissioner’s Office. Meanwhile, one-third said they had in-house experts.