Procurement · 1 May 2018

Half of UK business owners anticipate GDPR non-compliance fine

The data protection bill will put GDPR into UK law
Almost half of UK business owners are braced for a GDPR non-compliance penalty ahead of the 25 May deadline, a new survey has found, with private enterprises struggling to agree on internal accountability.

Later this month, the government’s data protection bill will introduce new consumer consent requirements for businesses to adhere to. Essentially, customers must explicitly opt-in to share their personal data with a company.

According to new research into data governance attitudes ahead of GDPR, undertaken by data privacy firm Ensighten, 45 per cent of company owners have set money aside in anticipation of a GDPR fine.

Meanwhile, 61 per cent of survey respondents would apply for an extension to the deadline if they could, highlighting a potentially worrying lack of organisation among UK businesses.

Commenting on the findings, Ian Woolley, Ensighten CEO, said that business owners remained "aware, but still uncertain" in the final month of GDPR preparation.

"The good news is that brands still have time to deploy and optimise customer privacy and consent options on their websites," he added.

"Educating consumers on how their personal data is used and why their permission is needed is essential to building consumer trust and gaining their opt-in consent. GDPR is not just a legal hurdle to jump.

"Whilst brands are putting money aside for fines, they should not underestimate the damage to their reputation and business from not educating customers now."

GDPR penalties

The Information Commissioner’s Office (ICO) has the power to fine a non-compliant company up to £17m, or four per cent of annual turnover, whichever is higher.

However, the value of a penalty is not always pre-determined, and the behaviour of an organisation can be taken into account: for example, whether a culture of data protection is evident and whether steps have been taken towards compliance.



Uber data leak could have earned £17.75m fine under GDPR

Following confirmation that on-demand taxi app Uber concealed a data breach affecting 57m of its users, legal experts have suggested the company would have faced the harshest penalties of incoming data protection rules in 2018.


Who’s accountable?

One of the reasons firms seem unprepared for GDPR, the study found, could be the lack of consensus over who is responsible for data protection within a business.

Almost a third of respondents said it should lie with the CEO, but one in four wanted to hand GDPR over to the chief data officer. Just 22 per cent believed responsibility should lie with the chief marketing officer.

GDPR countdown: What businesses need to do right now

Over the last year, our experts have been helping small business owners get their house in order ahead of GDPR. Here are their essential tips.

Undertake an organisation-wide data audit
Ryan Wain, chief marketing officer at Unlimited Group, advised decision makers to undertake a full audit on data held by a business.

"Distinguish between personal and non-personal data, identify its use, the processes applied to it and the legal considerations. This does not have to mean line-by-line data analysis; where they can be, different data sets can be grouped together," Wain explained.

"Inevitably, you will find data that’s years old and no longer needed. If you decide this poses a compliance risk, deleting it delivers immediate benefits."



Praseeda Nair is an impassioned advocate for women in leadership, and likes to profile business owners, advisors and experts in the field of entrepreneurship and management.
