The GDPR Deadline Is Near & Business Is Not Ready | BIIA.com | Business Information Industry Association

Under half of businesses are aware of forthcoming data protection laws they’ll be subject to in just four months’ time – or what the new legislation means for how information security is handled.

A lack of awareness about the forthcoming introduction of General Data Protection Regulation (GDPR), a new set of rules from the European Union which aims to simplify data protection laws and provide citizens across all member states with more control over their personal data, has led the UK government to issue a warning over businesses’ lack of preparation for the change.

GDPR comes into force on 25 May 2018 and those who are found to misuse, exploit, lose, or otherwise mishandle personal data could potentially face huge fines: up to four percent of company turnover. Organisations could also face penalties if they’re hacked and attempt to hide what happened from customers.

But, despite the risks associated with not being GDPR compliant, a government survey has found that many organisations aren’t prepared, or even aware, of the legislation and how it will impact their security strategy. Only one in four businesses in the construction sector are aware of GDPR, and awareness in manufacturing is also low. The finance and insurance sectors are said to have the highest awareness of the legislation.

Overall, the report says just under half of businesses, including one-third of charities, have made changes to their cybersecurity policies as a result of GDPR. Such preparations can include creating or improving cybersecurity procedures, hiring staff, and making concentrated efforts to update security software.

However, many still risk the prospect of being fined due to a lack of preparation, the government has warned.
“These figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill,” said digital, culture, media and sport secretary Matt Hancock.

Rather than being fearful of GDPR, the ICO suggests organisations should embrace GDPR as a chance to improve how they do business.

“The GDPR offers a real opportunity to present themselves on the basis of how they respect the privacy of individuals, and over time this can play more of a role in consumer choice. Enhanced customer trust and more competitive advantage are just two of the benefits of getting it right,” said information commissioner Elizabeth Denham.

Despite the UK preparing to leave the European Union, GDPR will still apply to organisations within the UK. The government says it will incorporate all GDPR rules issued by the European Union into a new Data Protection Bill scheduled for May.