The highly anticipated General Data Protection Regulations (GDPR) will apply from 25 May 2018 with implications for the way businesses currently handle and manage their data protection.
The GDPR is part of an overall package of data protection reform and will provide an opportunity for organisations to streamline their data protection practices including removing any inaccurate, out of date or irrelevant data.
GDPR will have significant implications for any SaaS, Cloud Services and other outsourced service providers with the introduction of statutory obligations for data processors for the first time.
Ashfords recently conducted a survey in partnership with Insider South West, which asked organisations about their knowledge of GDPR, how prepared they were for the upcoming changes, and the types of data that they currently process.
The results
- Importance: When asked how important data protection is to their organisation, over 50% answered that it was as important as other compliance issues for the business, however almost 3% answered that it was of little or no importance.
- ICO: 41% of participants are currently registered as a Data Controller with the ICO, however just under 22% were not aware of the register. In the run up to the new GDPR coming into force, highlighting the register and other services available to companies should be made a priority.
- Types of data: Over 90% of the companies from the survey currently process customer / client data. This is a huge figure reflecting how much personal data of clients and customers are currently being handled by companies, reinforcing the importance of why companies should be fully aware of the new GDPR regulations. 74.5% of companies handle staff and employee data, while 61.8% manage supplier data.
- Knowledge of changes: It was concerning to find that just under 30% of participants do not know anything about the changes that are coming under the new GDPR. However, by early next year we hope that this figure will increase as more information and support becomes available.
- Preparation: 56% of companies have taken initial steps in preparing for GDPR, but still have work to do. However, 10% have stated that they are well prepared for GDPR while 34% of companies have not yet started to prepare.
- Department: The survey results have found that the responsibility for data in a company often varies. For example 10.9% of people have a dedicated data protection / privacy department, while 5.5% of companies data is managed by the marketing department and 16.4% of participants rely on their IT department to be responsible for their data.
- Brexit: We asked the survey participants what impact they think Brexit will have on data protection and over 57% remarked that it would have very little impact either way. However, with the recent results of the snap election and current negotiation plans, this could all change.
The survey findings highlight the need and importance for businesses to be more prepared for the impact that GDPR will have on storing and using data - it is imperative that businesses start to put a plan in place now before facing the risk of significant fines.
