A recent GDPR compliance readiness survey published by the UK government has found that only 6% of the UK’s 350 largest companies are ready for GDPR compliance. Many of the respondents cited concerns about the difficulty of meeting the requirement to be able to delete an individual’s data entirely.
The research was conducted as part of the UK government’s annual cyber governance health check report and is a comprehensive study at board level across the largest and best-performing companies in the UK. Over a third of respondents (37%) said that they were very aware of the future GDPR requirements; however, the majority of those surveyed (60%) reported being at best somewhat or slightly aware.
The two biggest concerns cited by the companies with regard to GDPR are an individual’s right to personal data deletion (with over 40% of respondents citing it as their top concern) and the tightening of consent requirements imposed by the new regulation (over 40%).
GDPR has many requirements, which include:
- a requirement for consent – businesses will need to ensure that all customers know that the firm holds their data and that they agree to the firm having that data
- businesses will have three days to report data breaches to both the authorities and customers
- the Right to be Forgotten – customers will have the right to ask companies to delete all of their data and to prove that they have done so
- data portability – the aim is to create an environment where businesses can easily swap their data between different providers while ensuring the data is deleted from the old vendor’s systems.
- hefty fines for data breaches will be introduced – up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.