A well-known law firm has reported that nine out of ten organisations have still not made crucial updates to their privacy policies ahead of GDPR.
As time runs out to comply with the General Data Protection Regulation (GDPR), a survey by the law firm found that many organisations may be at risk of non-compliance, facing regulatory action and reputational and brand damage if they do not comply soon.
The digital economy is growing at a fast pace. GDPR represents the biggest shift in data protection for years, and all organisations that retain or process personal information will need to comply.
The new GDPR law focuses on allowing organisations to demonstrate greater transparency as to how personal data is collected, retained and processed. This makes organisations more accountable and gives increased rights to those whose personal data is being collected and processed.
The new GDPR law is backed up with significantly higher fines for the most serious breaches of up to £17 million or four per cent of worldwide turnover – whichever is greater – and a requirement to notify personal data breaches within 72 hours where they are likely to result in a risk to people’s rights and freedoms.
The recent survey revealed over 10 per cent of those surveyed had updated their privacy policies to comply with the new GDPR law, while only a quarter had put in place systems to ensure data security breaches were notified in line with GDPR.
Further research has revealed that organisations are confused about what the new law means for them and how to achieve full compliance.
GDPR compliance is good organisational housekeeping. It will help avoid the risk of financially and reputationally damaging fines or sanctions. Ultimately, it will assure the public’s trust in your organisation at a time when data privacy and security are more important than ever before. The ICO, the UK’s data protection regulator, has recently highlighted that GDPR is essentially about trust.
The survey findings show almost 40 per cent of organisations surveyed had not taken steps to prepare for the new GDPR regulations. In addition, more than a third were not confident they would be able to comply with GDPR by the deadline day of the 25th May 2017.
Is your company prepared for the new GDPR regulations?