Employers simply not ready for the GDPR
A new report has warned that 60% of companies are unprepared for the EU’s General Data Protection Regulation, with less than three months until its implementation.
Under the legislation, which will apply to UK organisations from 25 May 2018, companies will be subject to new rules around the collection and processing of individuals’ data, and could face fines of up to £17m, or 4% of their annual turnover, for failing to comply.
Despite this, a new report has shown that both UK and EU businesses have been slow to get their houses in order ahead of the introduction of the new rules. Three in five organisations said they were not yet ‘GDPR ready’, while a quarter were deemed ‘at risk’, suggesting that companies could face significant fines.
A reported lack of preparation for the GDPR could be the result of smaller businesses. According to the report, companies could be forced to spend eight hours a day, or 172 hours a month, on data searches after the implementation of the GDPR, with more than one in three UK-based directors saying they were concerned about their ability to be compliant. More than one in 10 UK companies said they were not confident they knew where their data was housed, while 12% reported that they had not accounted for all databases.
Bevitt advised HR professionals to take initial steps to ensure any UK and EU-based employees were aware of their rights under the new legislation, and that employment contracts were up to speed with the regulation.
The ICO has issued GDPR guidance, so it may take more collaborative action to help businesses learn about the changes rather than punishing organisations straight away. However, it will have enforcement powers, so if there is a breach or data is not being processed as it should be, those organisations that have ignored the regulation altogether could face consequences.