Two new surveys have painted a worrying picture as to how unprepared UK businesses are for the forthcoming European Union General Data Protection Regulations.
According to new research from Nexsan, the leading private cloud service provider, almost 50% of all UK-based organisations still do not understand what the new European Union General Data Protection Regulations are, a worrying statistic given that organisations now have less than 12 months to prepare for their implementation on May 25, 2018. Organisations that fail to comply by that date risk fines that could see them have to pay 4% of their global revenue.
Geoff Barrall, COO at Nexsan, commented: “Businesses need to start taking measures to ensure they will meet GDPR regulations. Interestingly, the survey noted an almost equal split in the market, which may suggest that those potentially vulnerable organisations are the ones still unaware of the new legislation. Whether cloud-based or physically onsite, it’s key to ensure that the storage solution used provides the required security in addition to traditional criteria such as performance, expandability, and flexibility. There are simple steps businesses can take to remain compliant within the context of their data management and security and here at Nexsan we’ve been delivering solutions to these problems for years.”
Research from London law firm Hamlins LLP and the UK’s first fully compliant job board, CareersinCyberSecurity.co.uk, paints an even bleaker picture. According to their research, hundreds of thousands of businesses in the UK are leaving themselves open to large fines, as 73% have failed to budget in any way for the implementation of the new European General Data Protection Regulations.
Simon Wright, operations director, CareersinCyberSecurity.co.uk, said: “Whilst some businesses will be exempt from appointing a Data Protection Officer, there are hundreds of thousands of businesses currently exposed because they do not have the right calibre of staff to deal with data protection law and practices and ensure they can honour all the obligations under the GDPR.
“Experts in the data protection field could find themselves in high demand and in some circumstances in a good position to name their price, as there is currently an estimated shortfall of 7,000 DPOs in the UK alone.”
Matthew Pryke, a partner at Hamlins, said: “Despite awareness about the GDPR, too many businesses are complacent and think because of their size or nature of business they are somehow exempt from having to comply.
“Regardless of Brexit, this regulation – even with the words EU fronting the name – will still apply for all businesses operating in the UK. Those who leave it to chance and don’t prepare now could be left high and dry if the Information Commissioner’s Office find businesses breach regulations.”
It is vital that all organisations in the UK engage with the issue of GDPR compliance, as failure to do so by May 2018 could see them face fines of up to €20 million or 4% of annual global turnover – whichever is higher.