Ignorance is bliss! Thomas Gray’s proverb represents an appealing, but yet ill-fitting way of looking at things – at least with regards to the GDPR.
The proverbial strategy has obviously been adopted by a sizeable number of businesses, and the surveys keep piling on the bad news. The latest survey to show precisely this comes from London Chamber of Commerce and Industry (LCCI).
More than 550 businesses from the London area were polled, and the results are less than promising. A staggering 24% aren’t aware of the new legislation at all, and only 16% feel comfortable enough to claim their business is GDPR-compliant.
Over one in five (21%) would like to comply, but lack the knowledge and information to begin with the compliance process. One-third of businesses claim the GDPR doesn’t apply to their business, which we find unlikely since most still do communicate with their clients and process their employees’ data.
Colin Stanbridge, chief executive of LCCI said: ““Businesses that are already vigilant about their data protection responsibilities, are unlikely to be unduly burdened by the new legislation.”
We agree with the sentiment, but the number of businesses left out in the dark, completely unaware of the new changes is extremely worrying.
Even in the post-Brexit UK, the GDPR will still apply there from 25 May 2018, replacing the Data Protection act of 1998 (Itself a transposition of the Directive 95/46/EC).
The companies that don’t prepare on time could find themselves in deep waters further down the road when the regulators come knocking. The current maximum fines of up to £500 thousand will seem like a drop in the bucket when the GDPR enters into force with its fines of up to €20 million or 4% of the company’s annual global turnover for the preceding year.
It’s high time the chambers and other trade organisations ramped up their awareness efforts to prevent seeing their members on the brink of disaster. The clock for compliance is ticking, and it’s essential for businesses to start preparing as soon as possible and refrain from testing the regulators’ patience. Yes, it already might be too late to meet the 25 May deadline, but better late than never.