In a survey of 100 UK CEOs, KPMG found that nearly 60% believe their ability to do business will be hindered once Brexit takes place if UK privacy rules are not aligned to the new General Data Protection Regulation (GDPR).

The GDPR has been at the forefront of minds of many CEOs since the European Commission officially ratified the privacy rules in April 2016. This new legislation is the biggest and most impactful change in privacy and data protection regulation in history.

Find out what you should be doing to protect your business

In May 2018, when it will be enforced, it will affect organisations in the UK and worldwide that have any dealings with consumers and businesses in EU member countries. If the rules are not met by business, they will face significant sanctions of up to €20M or 4% of global annual turnover – whichever is higher, from regulators.

Mark Thompson, global privacy advisory lead at KPMG, said: “The worry amongst this cohort of CEOs is understandable. Once GDPR is enforced in May 2018, it will fundamentally alter the way we live, work and interact with technology, organisations and each other. This revolution will transform the scale, scope and complexity of personal information processed, with personal information being a core component of everything we do.”

What should organisations do?

Commenting on what organisations should do, Thompson said: “The requirements being introduced by the GDPR are going to require most organisations to make significant enhancements to their privacy control environment and rethink the way they collect, store, use and disclose personal information. These changes are going to be complex and take time, as such, most organisations cannot afford to wait and see what form Brexit takes. Doing so would leave them with insufficient time to prepare.

Organisations need to start preparing as soon as possible to make preparation less costly.

The GDPR will touch all areas of an organisation and all staff will need to be educated.

Training will be essential to ensure staff understand what’s expected of them, how to respond and how to handle data.

A new conference launched today, GDPR Summit Series – a deep dive one-day event will focus on the likely impact GDPR will have on business critical processes and provide a framework to Keep your Organisation GDPR Compliant.

Early bird tickets available now at

GDPR is coming, ready or not, and ignoring the regulation until it becomes enforceable in 2018 could be a costly mistake.

Further information and conference details are available at

powered by Typeform