Failure by British companies to comply with the General Data Protection Regulation (GDPR) will bring substantial monetary penalties of up to 4% of global annual turnover, or £20 million, whichever is greater.
These sanctions will apply to any business that acts as data regulator or processor in contravention of the GDPR. Non-compliant British firms are at risk of losing markets, given that once the law becomes effective it will apply to every company, regardless of its location, so long as it collects data from European Union citizens. The GDPR will take effect one year before the country makes the final decision regarding Brexit. Even so, British companies will not be exempted from this law, irrespective of the Brexit outcome.
The business community should therefore be aware that Brexit will offer no protection from penalties. This is because international law permits the EU to pursue companies that handle EU citizens' data but fail to observe the GDPR. The only difference between British companies and those in other countries will be a less direct process, because the EU will be forced to coordinate with the United Kingdom authorities and the judiciary to punish offenders.
The provisions of the GDPR require companies across Europe to protect customer data and to be transparent about how they use personal data. Current research commissioned by Irwin Mitchell indicates that only about 30% of British firms have begun preparing for compliance. It further reveals that a majority, 60%, are still uninformed about the rules. Most business people are also unaware of the penalties they face should they fail to comply. According to the research findings, 71% fall into this category of the uninformed. This outcome reveals a very disappointing trend and is a cause for alarm for the UK business community.
The implementation of the GDPR may present significant challenges in the country's commercial sector, given that most people say they are likely to leave the business if they receive the penalty. A small proportion, however, believe that they will initiate job cuts. With the high chance that most institutions will not be compliant in good time, the effects may negatively impact the economy of the country. This will become a reality if people lose business or make significant job cuts, as the research findings indicate.
There are several essential recommendations to help businesses become GDPR compliant. British firms may use the remaining time to make both internal and external adjustments to avoid the massive penalties. These include carrying out a risk review of data protection and examining how they collect, use, and delete data. They should ensure that such operations are done in strict conformity with the GDPR.
Alternatively, businesses should strive to attain ISO 27001, which gives substantial evidence that a business manages its IT and systems to globally accepted standards and hence is GDPR ready.