According to a recent YouGov poll, almost 2/3rds of UK businesses are unaware of the sanctions they could face after next year’s GDPR comes into place, with fines of up to €20m for the biggest companies.
A startling 62% of businesses surveyed had not even heard of the GDPR.
Currently, UK businesses can be fined up to £500,000 for a breach of data protection. Next year, from 25 May 2018, this will jump to either €20m or 4% of the company’s global turnover. A fifth of those companies surveyed conceded the possible impacts of the fines would push them out of business.
Despite some businesses being aware there were upcoming changes, very few knew the scale of the fines. Unsurprisingly, the majority were smaller businesses, with just 22% having heard of the rules, whereas 43% of medium-sized and 56% large businesses had so.
Staggeringly, nearly half (57%) of financial services companies knew of the changes. Media and marketing came bottom of the list.
While the topic has been very much in the public domain, nearly a quarter of the businesses surveyed said they would probably not even know when a data breach occurred.
They need to learn. And quickly. Last year, the number of fines for data breaches almost doubled, and jumped from £541,000 to an eye-watering £3.2m. These will undoubtedly rise after the implementation of the new rules next Summer.
Businesses need to be clear about how data is collected and stored, and a breach must be reported to the Information Commissioner’s Office (ICO) within 3 days.
Finally, it is important that British businesses understand that, while “Brexit means Brexit”, Brexit does not mean the compliance with the Brussels-enforced GDPR can stop. This is happening.
For support with or guidance regarding these changes to GDPR, please get in touch with the HPC team today.
T: 0844 800 5932
Follow us on Twitter for employment law news and updates @HPC_HRservices