As the new European Union General Data Protection Regulations get ever closer, it seems many businesses are not paying them the attention that they deserve. In a report released in August, 65% of business leaders said that they were ‘a little concerned’ about GDPR, with 12% not being concerned at all. This is worrying, say many data protection and data security experts, and businesses are missing out on the chance to treat it as an opportunity. Writing in City AM recently, Liz Brandt, the chief executive at Ctrl Shift, said:
“Many businesses are less than enthusiastic, treating GDPR as another red tape burden. Too many companies are sinking huge sums of money into just becoming compliant, while many others are ignoring the looming regulation altogether.
“This is a missed opportunity. GDPR is a chance for businesses to sail ahead of competitors – to become their industry’s Netflix and leave rivals in the Blockbuster Bargain Bin. It is also a significant opportunity for the UK economy to become more creative and productive.
“GDPR hinges on trust and consent, with individuals able to withdraw their consent for a business to use their data. This makes trust an invaluable asset, since a consumer is only likely to give consent to a company that they trust. Businesses that earn this will have far more data than lesser-trusted rivals, giving them a massive competitive advantage.
“Earning trust is not easy. It requires that a business acts ethically, something which is more than a PR exercise. There must be a company-wide commitment to doing the ‘right thing’ with personal information. Companies that only pretend to do so tend to get found out and suffer from a backlash and potentially a permanent loss of customer trust.”
Whilst the UK’s information commissioner has been trying to ease worries that large fines will be issued across the board for non-compliance, the fact is that companies that fail to comply with the new European Union Data Protection Regulations and suffer a data breach could be hit with eye-wateringly high fines. These can be up to €20m or four per cent of global turnover. Fines at this level for the most serious breaches could severely impact many businesses and even put a significant number out of business.
Adam Rose, partner and head of data protection at Mishcon de Reya, says that businesses should be acting now to ensure compliance.
“So what should businesses be doing now? In order to work out what you need to do to comply with the law, you need to have a clear view of: what data you are collecting; how you collect it; where you store it; why you hold it; what you do with it; how long you keep it; and how securely it is being kept.
“You can do that by speaking to the relevant people in your organisation and gathering your evidence. You can also undertake a review of the IT systems you are using to trace the data’s journey. What you cannot afford to do is to assume everything is fine without further enquiry – 41 per cent of respondents to the last poll said that they had invested no capital in ensuring their systems are GDPR compliant.”