Important changes in data protection are less than a year away. But are businesses prepared?

By Annette White

To some, it feels like the General Data Protection Regulation (GDPR) has been a hot topic for a while now. But recent research by BDRC Continental shows that just one in three businesses (36%) are actually aware of the new regulations.

GDPR is an EU regulation that applies to all processing of personal data (collection, storage, distribution, retention, protection, security and transfer) and comes into force in May 2018. It replaces the 1998 Data Protection Act and has some key differences, not least that non-compliant companies could be fined up to 4% of their global revenue. The UK has committed to implementing GDPR, regardless of its exit from the EU.

Of course, not all businesses hold personal data. BDRC's Business Opinion Omnibus research, conducted in June 2017 amongst business owners and financial decision-makers, revealed only 53% said they handle personal data. Within this group, awareness of GDPR was by no means universal, at only 39%.

Of those who had heard of GDPR and will be affected by it, 66% have started to prepare. With less than a year to go, that is still a substantial number who have yet to give it proper consideration.

Barely a month goes by without a commercial data breach or security incident in the news. So we asked businesses if the IT issues experienced by British Airways at the end of May had prompted them to take action in this area. While some had taken steps such as seeking specialist advice or reviewing existing processes, three-quarters (78%) have not done anything. This was predominantly due to them perceiving that their business could not be affected by this type of incident. This perception was higher amongst those who had not heard of GDPR (63%) than those who had (49%).

Greg Berry, IT Director of the BDRC Group, says, “As an ISO 27001 certified business, BDRC already has robust processes in place. But we recognise that many of these will need to be reviewed and updated to make sure we’re in line with the new requirements. We’re investing time now in understanding the scope and implications of GDPR, so that we’ll be ready when it comes into force next year”.

If you would like to place your own questions on this or any topic on the Business Opinion Omnibus, then please get in touch with Annette White.
