24% of UK businesses have stopped preparations for EU Data Protection Regulations

Around a quarter of firms have cancelled their preparations for the incoming regulation because they believe it will not apply after Brexit.

The EU General Data Protection Regulation (EU GDPR) is a group of rules designed to coordinate data protection laws across Europe.

The EU GDPR has been years in the making but has now been ratified by the UK. It is due to take effect in May 2018.

That date is likely to fall before the Brexit process is complete. The process, which begins with the triggering of Article 50 this week, will take a minimum of two years, according to experts.

Businesses still likely to be affected by EU regulations next year

A survey of IT decision makers by information management company Crown Records has found that 24% of them have cancelled preparations for EU GDPR.

44% of respondents think that the incoming regulation will not apply to their UK business after Brexit.

"Firstly, it is likely to be in place before any Brexit," said director of information management at Crown Records, John Culkin. "Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens."

The fines associated with EU GDPR are significant. They can be as high as €20 million or 4% of global turnover.

UK politicians played an important role in the drafting of EU GDPR, which Crown Records believes shows that the general principles are set in stone. Around half of the respondents saw Brexit as an opportunity for the UK to position itself as the safest place to do business.

"The reality is we are likely to continue to see stringent data protection in an independent UK rather than a watered-down version," said John Culkin.

This will most likely mean legislation on par with, or more stringent than, EU GDPR.

Other findings from the survey were more positive:

  • 70% of those with 100 or more employees have appointed a data protection officer (a key requirement of EU GDPR)

  • 50% have introduced staff training

  • 72% have reviewed their data protection policies

  • 44% have undertaken an information audit 
