It’s just a few months until businesses and companies need to comply with the General Data Protection Regulation (GDPR). The new rules come into play on 25 May 2018. But, if recent surveys are anything to go by, many data protection professionals, and the organisations they work for, are not prepared for the new rules.
Results from the Calligo survey
The results of a survey conducted by cloud technology provider Calligo give cause for concern. 69% of the 500 IT decision makers questioned said that their organisation was not prepared for the changes. This could mean that many companies and small businesses end up having to pay a significant amount of money in fines, which can be as much as 4% of annual turnover or £20 million, whichever is higher. Incredibly, only 9% of those surveyed believed that they were fully supported by compliance departments in preparing for the GDPR.
Only 43% of organisations that participated in the survey had appointed a data protection officer (DPO). This is an important stipulation of the GDPR for any business with more than 250 employees, and failure to comply can result in significant fines.
Think the GDPR does not apply to you?
Small business owners may think the GDPR does not apply to them, but this is not true. Even if you have fewer than 250 employees in your business, you still need to comply if your processing affects the rights and freedoms of individuals.
It is also interesting to note that the GDPR does not just apply to organisations that are based in Europe. If an organisation employs people in Europe, or deals with data for people who live in Europe, it must comply.
This compliance is essential if organisations want to avoid administrative fines. According to the results of surveys conducted by experts such as Calligo, many organisations have a long way to go to ensure that this happens.