As many as 90 per cent of British businesses have yet to update their privacy policies as time runs out to comply with General Data Protection Regulation (GDPR), a new survey has found.
Updated privacy policies are a key requirement ahead of the introduction of GDPR laws on 25 May 2018, and business owners risking non-compliance could face regulatory action, as well as long-term brand and reputational damage.
The GDPR laws are designed to increase transparency around how businesses collect and use personal data, making firms more accountable and giving greater rights to consumers, whose personal data is being retained and processed.
Underpinning the regulation is a considerably stricter regime of fines, with the most serious GDPR breaches by businesses resulting in possible fines of up to £17m, or four per cent of a firm’s global turnover.
Another requirement under GDPR laws will be to notify personal data security breaches within a 72-hour period, where the breach is likely to result in a risk to the rights and freedoms of individuals.
The survey, conducted by law firm Blake Morgan, revealed that just ten per cent of UK company owners have updated their privacy policies to comply with GDPR laws so far, and only 25 per cent have put a system in place to ensure data security breaches were reported in line with the new rules.
Some 40 per cent of business owners surveyed said they’d not taken any steps to prepare for GDPR, while over a third weren’t confident they’d be able to comply with the rules before next May’s deadline.
Shockingly, more than a fifth of companies weren’t aware of GDPR laws, the need to update privacy policies, or what these will mean for their firm.
A partner and specialist in data protection law at Blake Morgan, Simon Stokes, said that there’s a “genuine confusion” about the GDPR laws amongst business owners, including what the rules mean and how firms can comply.
He added: “With the clock counting down to the law coming into force, we would recommend a focused effort by businesses to get to grips with the changes and implement a strategic plan of action. A significant proportion of organisations across the public and private sectors are still underprepared for these major changes to data protection law.
“GDPR compliance is good corporate housekeeping. Not only will it avoid running the risk of damaging fines or sanctions – it will ultimately assure the public’s trust in your organisation at a time when data privacy and security are more important than ever.”