With less than four months before the new General Data Protection Regulations (GDPR) come into force, researchers have found that the majority of businesses are still not fully prepared for the changes which will affect them.
A quarterly survey conducted as part of the Close Brothers Business Barometer found that of the 900 owners and senior managers questioned, many had concerns about GDPR compliance.
Less than a third of respondents (31 per cent) answered with a clear yes when asked: “are you clear what ‘personal data’ means in a business context?” By comparison, 50 per cent replied less confidently saying “sort of” whilst the remaining 19 per cent admitted that they had no idea.
Less than half (48 per cent) of those surveyed claimed to fully understand the new and extended rights that customers will have once GDPR comes into force in May 2018.
The new regulations, are a substantial upgrade to improve the safety and security of all personal data held by organisations across Europe will still be binding in the UK after Brexit. It will also apply to any organisation seeking to process personal data originating from inside the EU.
Any organisation which breaches the new rules could be ordered to pay fines of up to 4 per cent of its turnover.
In a nutshell, GDPR will mean:
- The likelihood that you will need to obtain explicit consent for data to be held – i.e. ‘opt-in’ rather than ‘opt out’
- Records need to be kept up to date, must not contain personal information that is not strictly necessary and must not be stored for longer than is required for the specified purpose
- Policies to protect against cyber-attacks
- Customers now have a ‘right to be forgotten’ – meaning that you must remove their data permanently on request
- Any breaches must be reported promptly and without delay
B J Chong, a Partner with Palmers, who specialises in commercial law, said: “The clock is ticking and many estate agents and management letting companies are still not getting to grips with the imminent changes to data protection which will significantly affect them.
“A potential breach could not only lead to a huge fine and loss of valuable management time but also cause reputational damage to your business. It is important, therefore, to ensure that you are fully up to speed with the full implications of GDPR, well in advance of 25 May 2018.”
For help and advice on the implications of GDPR and how you can be fully prepared for the new legislation, please contact us.