
Some not ready for GDPR

by Mark Rowe

Only six in ten company directors say they are confident their organisation will be ‘fully compliant’ with new data protection laws set to come in on May 25 under the European Union-wide General Data Protection Regulation (GDPR), a new survey from the Institute of Directors (IoD) suggests. The poll of 700 bosses shows businesses were most likely to turn to external private advisors, business membership bodies such as the IoD, and the Information Commissioner’s Office (ICO), the UK data protection regulator.

Comments

Jamie Kerr, Head of External Affairs at the Institute of Directors, said: “GDPR has been a long time coming for businesses, but it is only proving more formidable as the deadline looms and companies drill down into the detail. The regulator has assured small businesses that there will not be a sudden inquisition once the rules enter into effect, but with such large penalties for non-compliance, firms must assess what they have to do to avoid falling foul of the legislation, and they must do so soon.

“While the regulations may be burdensome, the overriding impulse amongst company directors now is simply to follow the rules. However, SMEs, who are facing a whole host of competing priorities and generally cannot rely upon dedicated compliance teams, are still finding it difficult to digest the sheer scale of the legal changes.

“The Government’s immediate priority should be to ensure the ICO has the resources it needs to make a big final push to assist small businesses in the run up to this month’s deadline.”

Mark Adams, regional vice-president for the UK and Ireland at Veeam, a software company, said: “After two years’ grace period, thousands of pounds of marketing spent on awareness, it’s simply not good enough that only six in ten company directors feel confident ahead of GDPR coming into effect. While some of that might be because there is an aspect of the great unknown, it has appeared for some time that there is lethargy towards the regulation and the enforcement attached.

“In today’s always-on era, it is critical for businesses to think bigger and have an understanding of the data they hold, where it is located, what they can do with it, and who has access to it. Intelligent data management, day or night, is a fundamental responsibility for businesses today, not just to its customers, but to its stakeholders and board. Not having the right protection in place could see an organisation suffer significant financial and reputational damage. That’s not just a few tweets complaining about poor service, we’re talking millions of pounds being wiped off a business’ value. Basic data management strategies should include traditional preventative security techniques such as firewalls, network restrictions, protection against malware, alongside internal employee education, impact assessments, backup and disaster recovery strategies, and quality-checking backups. Even making sure you have an offline backup can help you recover from a number of issues and attacks.

“With the deadline for compliance with GDPR fast approaching, organisations must ensure the monitoring, auditing, reviewing and improvement of data protection is a core business process, not just a nice to have or a bolt on. And, while technology cannot make you fully GDPR compliant, businesses should be speaking to their technology partners to see what is possible to help with aspects of compliance.”


© 2024 Professional Security Magazine. All rights reserved.
