Procurement · 20 September 2017

Nine out of ten businesses arent yet prepared for GDPR laws

More than a fifth of company owners werent aware of GDPR laws at all
More than a fifth of company owners werent aware of GDPR laws at all
As many as 90 per cent of British businesses have yet to update their privacy policies as time runs out to comply with General Data Protection Regulation (GDPR), a new survey has found.

Updated privacy policies are a key requirement ahead of the introduction of GDPR laws on 25 May 2018, and business owners risking non-compliance could face regulatory action, as well as long-term brand and reputational damage.

The GDPR laws are designed to increase transparency around how businesses collect and use personal data, making firms more accountable and giving greater rights to consumers, whose personal data is being retained and processed.

Underpinning the regulation is a considerably stricter regime of fines, with the most serious GDPR breaches by businesses resulting in possible fines of up to 17m, or four per cent of a firm’s global turnover.

Another requirement under GDPR laws will be to notify personal data security breaches within a 72-hour period, where the breach is likely to result in a risk to the rights and freedoms of individuals.

The survey, conducted by law firm Blake Morgan, revealed that just ten per cent of UK company owners have updated their privacy policies to comply with GDPR laws so far, and only 25 per cent have put a system in place to ensure data security breaches were reported in line with the new rules.

Some 40 per cent of business owners surveyed said theyd not taken any steps to prepare for GDPR, while over a third werent confident theyd be able to comply with the rules before next May’s deadline.

Shockingly, more than a fifth of companies werent aware of GDPR laws or the need to update privacy policies, and what these will mean for their firm.

A partner and specialist in data protection law at Blake Morgan, Simon Stokes, said that there’s a genuine confusion? about the GDPR laws amongst business owners, including what the rules mean and how firms can comply.



Fred Heritage was previously deputy editor at Business Advice. He has a BA in politics and international relations from the University of Kent and an MA in international conflict from Kings College London.

From the top