Nearly a third of UK firms unprepared for GDPR – survey

Non-compliant companies face fines up to €20 million

By Paolo Taruc

Firms have only months to prepare for the implementation of the European Union’s General Data Protection Regulation (GDPR) – but a recent survey has revealed that a large number of UK businesses remain in the dark about the new law.

According to learning provider Litmos Heroes, over 30% of UK businesses have done nothing to meet the new EU regulations, and 10% are not planning on doing anything about it.

This comes amid warnings that hefty fines will be imposed on non-compliant firms. Last May, Information Commissioner Elizabeth Denham said the new law “equals bigger fines for getting it wrong.”

“If your organization can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organization open to enforcement action that can damage both the public reputation and your bank balance,” she added.

For the most serious violations of the law, the Information Commissioner’s Office (ICO) will have the power to fine companies up to €20 million, or 4% of a company’s total annual worldwide turnover for the preceding year, said ICO Deputy Commissioner (Policy) Rob Luke in a speech last May.

According to poll data, nine in 10 respondents admitted that if the regulation was introduced tomorrow, they wouldn’t be ready. Some 60% of businesses haven’t formed a plan to make sure that all staff who handle data are aware of GDPR. Meanwhile, 6% of businesses don’t currently comply with current data protection laws and 10% are fully aware that their own online safeguards are not sufficient to protect customers from cyber-crime.

Although the UK is taking steps to withdraw from the EU, the upcoming regulations apply to any firm that handles the data of any EU citizen, regardless of where the company is based.

The new law aims to enhance the data protection rights of individuals in the EU and facilitate the free flow of personal data in a single digital market. It includes oversight over information that can be used to directly or indirectly identify a person, including bank details, posts on social networking websites and medical information.
