It’s been just over 12 months since the UK voted to leave the European Union (EU). We’re also just under 12 months away from the EU’s introduction of its new General Data Protection Regulations (GDPR), which will come into force on May 25 2018. However, new research from Webroot, a leading company that deals with network security and threat intelligence, has revealed that small to medium enterprises (SMEs) in the UK misunderstand what the exact impact of Brexit will be upon compliance with the new General Data Protection Regulations.
Highlights from the research include:
- 46% of businesses were uncertain as to whether they would have to remain compliant with GDPR after Brexit.
- 6% of businesses were certain that they would not have to remain compliant with GDPR post-Brexit.
- 71% of businesses have not budgeted for the work involved with GDPR compliance.
- 81% of businesses in the UK have heard of the new General Data Protection Regulations, but 34% were unable to identify basic facets of the new regulations.
- 49% of businesses, despite needing to become compliant to continue operating, are not confident that they will be able to meet the stringent requirements for full compliance with the new General Data Protection Regulations.
Adam Nash, business sales leader for EMEA, Webroot, says, ‘GDPR compliance should be a crucial part of every organization’s security strategy. In particular, it’s clear that SMBs urgently need to focus their attention on both GDPR compliance and their wider cybersecurity posture. We recommend that all SMBs adopt a multi-layered security approach to meet GDPR; one that includes network security, antivirus protection, and thorough data protection measures.’
Writing in SMEWeb, barrister Sam Thomas agrees, saying that unless UK businesses operate completely in the UK with UK-only customers, GDPR will have some impact.
“If your company trades exclusively within the UK, has no online presence, and is currently compliant with the DPA, the GDPR may not have too great an impact following some modification to your data management procedures. However, if your company has any focus toward the continent then it is imperative that you begin to consider the GDPR.”
An interesting question, and one which many businesses will not have considered, is whether being GDPR compliant could conflict with the data protection policies of other countries.
“If you also collect or use data from other non-EU countries like the USA, Russia or China then you may wish to consider taking specialist legal advice. Compliance with the GDPR may conflict with data protection legislation in other countries. Costs, such as multiple servers with one within each jurisdiction, may or may not be required.”
Clearly, the new General Data Protection Regulations are something that all businesses will have to engage with in some way, and they will have to do so soon if they are to be compliant by the May 25 2018 deadline. Failure to do so could see large fines being issued.