What Will Brexit Mean For Data Compliance?

As the General Data Protection Regulation (GDPR) nears its 18-month anniversary, recent research conducted by software supplier Egress has revealed that only 48% of UK businesses are fully compliant with the rules.

Organisations had taken their GDPR compliance seriously in the lead-up to the May 2018 deadline, but activity started to drop off after this date.

Over a third of respondents to the Egress research said that:

“GDPR had become less of a priority for them in the past 12 months.”

This lackadaisical approach has left organisations open to severe penalties if they suffer a data breach.

Tony Pepper, CEO of Egress, commented:

“We now appear to be seeing an ‘almost compliant is close enough’ attitude towards GDPR, with a significant percentage of decision-making indicating that focus has waned in the past 12 months.”

However, before GDPR celebrates its 18-month anniversary, the political uncertainty over Brexit has reared its head and entered the data compliance arena.

A no-deal Brexit could have huge repercussions for organisations, and experts say it’s vital businesses familiarise themselves with the data protection regulation before it’s too late.

Martin Sloan from Brodies LLP explains that the prospect of a no-deal Brexit means it’s more important than ever for firms to ensure they are up to speed on GDPR and data privacy regulations. He said:

“Immigration, trade and customs have all been high on the agenda but there remains a lack of awareness about data protection.

“Adding new levels of legislation could make it even more difficult for businesses to remain compliant.

“A multi-national business in Scotland, with a subsidiary in France or Germany with which it shares personal data, will have to ensure that [data] transfer is lawful.

“That might mean putting in place the EU’s Standard Contractual Clauses between the relevant legal entities in the UK and the EU or seeking approval from the regulators for Binding Corporate Rules within a corporate group.”

There is also the possibility that European firms may decide not to use UK firms because of the complexity of the data protection issue.

Martin Sloan added:

“[European firms] might just decide not to shortlist a Scottish or UK company because the data protection aspect might make it prohibitively complex.”

Have you thought about how a no-deal Brexit would impact data protection in your firm?
