momius - stock.adobe.com

Almost a quarter of London businesses unaware of GDPR

Nearly one in four London businesses unaware of new data protection regulation, a survey has revealed, with just months before the compliance deadline

With just four months to go before the compliance deadline for the European Union’s (EU’s) General Data Protection Regulation (GDPR), 24% of London business are not aware of the regulation, a survey shows.

The poll of more than 500 businesses commissioned by London Chamber of Commerce and Industry (LCCI) also found that, of those business decision-makers who believe that the GDPR will affect them, just 16% said their business is prepared for it, while 21% said their business would like to prepare for the GDPR, but needs to find out more about it.

One in three (34%) of the London business community said the GDPR is not relevant to their business.

Colin Stanbridge, chief executive of LCCI, said businesses that are already vigilant about their data protection responsibilities are unlikely to be unduly burdened by the new legislation.

“However, we would urge businesses to take this opportunity to review their processes to see if they need to make any changes to be compliant,” he said.

After 25 May 2018, organisations that fail to comply with the GDPR could face fines of up to €20m or 4% of global annual turnover, whichever is greater.

These fines, and the fines provided for in the UK’s draft Data Protection Bill that is currently making its way through parliament, are much higher than the maximum monetary penalties of £500,000 allowed under the UK’s Data Protection Act 1998.

New UK data protection legislation expected to be introduced in 2018 will set similar requirements and penalties for non-compliance as the GDPR in an attempt by the UK government to ensure uninterrupted data flows between the UK and EU member countries post-Brexit.

In a recently issued notice to stakeholders, the European Commission (EC) emphasised the importance of having a data transfer agreement in place after the UK leaves the European Union, further underlining the urgent need for UK businesses to review their personal data protection practices.

Read more about the GDPR

  • Max Schrems champions NGO to fight for GDPR rights.
  • Computer Weekly looks at options for tools to help organisations comply with the EU’s General Data Protection Regulation.
  • The full impact of the EU’s General Data Protection Regulation (GDPR) is complex, warns the head of ICT at T-Systems Belgium.
  • The General Data Protection Regulation (GDPR) comes into force in May 2018. We explore common myths surrounding GDPR.

In view of the “considerable uncertainties”, particularly around the content of a possible withdrawal agreement, the notice said that all stakeholders processing personal data are reminded of the legal repercussions that need to be considered when the UK leaves the EU.

The EC notice confirms that, as a third country, the UK’s “adequacy” for EU data protection law purposes is a matter for decision by the EC, rather than a status that occurs automatically.

Stewart Room, data protection lead partner at PricewaterhouseCoopers (PwC), said UK organisations can rest assured that even if that adequacy decision is not given, there will be plenty of other opportunities open to them.

Giving evidence to a committee hearing on Brexit and data protection in the House of Lords on 20 December, digital minister Matt Hancock said he was sure UK will obtain and maintain EU data protection adequacy.

“I am confident the UK will be in a good place because data protection standards in the UK will be significantly higher and more aligned with the EU than other countries that have adequacy already,” he said.

Read more on Regulatory compliance and standard requirements