Thousands of new GDPR specialists are being hired by UK businesses to cope with demands of tough new EU regulation, which comes into force in May 2018. Worryingly, ten per cent of businesses plan to do nothing about the regulation despite the threat of fines of up to 20 million Euros.
IT in the dark - One in ten IT services businesses haven’t even heard of the regulation and 20 per cent admit to having inadequate safeguards to protect customer data
Almost a quarter of UK businesses have brought in a new hire specifically to make sure they comply with the tough new EU General Data Protection Regulation (GDPR) regulations, a study from leading learning provider Litmos Heroes has found.
With the threat of fines of up to 20 million Euros looming and less than eight months to go until the wide-ranging new EU regulations come into force, the research discovered that 22 per cent deem it so vital to their futures they have recruited new staff to tackle the impending changes.
In stark contrast, 11 per cent of the 500 UK business owners and decision makers that took part in the survey admitted they don’t know which of their current team members would handle the responsibility of making sure the business was GDPR-ready.
Sixty per cent admitted that they don’t have any plan in place to ensure their current staff are trained and know what is expected of them after the May 25, 2018 deadline.
And although they are considered to be the custodians of data protection in many UK business, the study found that one in ten IT businesses haven’t even heard of GDPR.
Worringly, four per cent of IT service businesses admitted that they don’t currently comply with UK data protection laws already – and 20 per cent confessed to having inadequate safeguards in place right now to protect customer data.
Tom Moore is Managing Director of Litmos Heroes, which is leading the charge for better training and awareness raising of the impending changes across UK plc.
“Now is the time for businesses to act,” said Tom. “Before the multi-million pound fines comes into play. It’s not too late.
“Our study paints a stark picture of how seriously – or not – some UK businesses are taking GDPR. On the plus side, it’s fantastic to see that around a quarter of businesses are recruiting new talent to tackle the GDPR changes head on,” he said.
“However, on the flip side, the findings raise a number of concerns and it seems that some businesses really need to be reminded about the impact of these new regulations. Let’s be clear: If any organisation handles the data of a EU citizen – whether Brexit or no Brexit – it will apply to them.
“I think one of the really staggering outcomes of this study is that, as custodians of many organisations’ data protection controls, so many IT businesses are so under prepared.”
Across all sectors in UK plc, almost 30 per cent of business decision makers are totally in the dark about the law changes. More than 30 per cent said they have done nothing at all towards becoming GDPR-ready – and ten per cent said they don’t plan to.
The research, which was carried out to mark the launch of Litmos Heroes’ new GDPR course for global businesses and SMEs, found that nine out of ten admitted that if the regulation was introduced tomorrow, they wouldn’t be ready.
“Around a quarter of the people included in our survey said they didn’t think GDPR would be strictly enforced,” Tom added. “But come May 2018 they still need to be ready, because this is going to be enforced whether they like it or not.
“It’s this stark picture – and the worrying lack of knowledge and general awareness about GDPR – that has encouraged our team to produce a need-to-know video training module to help businesses and leaders get GDPR-ready.”
The GDPR was adopted into law by the EU Parliament in April 2016 and, from May 25, 2018, it will apply to all companies processing and holding the personal data of people who live in the EU, regardless of where the business is located.
It was designed to make sure that data privacy was standardised across Europe, to protect citizens’ data privacy and to reshape the way that businesses right across the region think about and implement data privacy.
The penalties for failing to comply are potentially huge. Organisations that fail to meet the regulation can be fined up to four per cent of their annual global turnover, up to a maximum of 20 million Euros.
GDPR Summit Series is a global series of GDPR events which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at http://www.gdprsummit.london/