East Midlands firms blissfully unaware of new wide-ranging data protection rules

Stuart Padgham Irwin Mitchell Solicitors

Many East Midlands firms seem to be unaware of the new wide-ranging data protection rules which come into force in less than a year’s time according to the findings of a survey

A YouGov survey of over 2,000 businesses which was commissioned by national law firm Irwin Mitchell, reveals that only three in every 10 (29%) have started preparing for the new General Data Protection Regulation (GDPR) which commence on 25 May 2018.

GDPR represents the biggest change in 25 years to how businesses process personal information and it replaces existing data protection laws.

Under the new rules, the maximum fine for certain data breaches in the UK will rise from £500,000 to €20million or 4% of global turnover, whichever is larger. Despite this and the fact that virtually all businesses will be affected, only 38% admit to being aware of the rules.

Seventy one per cent are unaware of the new fines and 18% say they would go out of business if they received the maximum punishment. Ten per cent think they would need to make significant job cuts with a further 21% admitting that smaller scale headcount reductions will be necessary.

The notification of certain data breaches where there is an impact on privacy, such as a customer database being hacked or a letter being put in the wrong envelope, must be given to the Regulator within 72 hours under the new regime.

Other changes under the GDPR include an obligation to be more transparent about how personal data is used. Businesses will also need to have processes in place in case an individual asks for all their personal data to be erased.

Irwin Mitchell believes the low level of awareness of GDPR is caused by a number of misconceptions that exist about the new rules and say this has led to a level of complacency.

This view is supported by 33% of businesses, who think GDPR will have no impact, claiming that GDPR is not an issue for their sector. Twenty two per cent claim it isn’t relevant to their business as they are not a consumer business.

The reality is that the rules encompass a wide range of personal data including employee data, payroll and pension records. They also apply to data in a business context where individuals are concerned, such as sole traders and partnerships.

Stuart Padgham, partner & National Head of Commercial at Irwin Mitchell, told Business Link: “It is important to recognise that taking a proactive approach towards GDPR compliance will potentially reap financial benefits.  Good data governance can build customer trust and the right permissions can also help businesses take advantage of the Big Data Revolution and enable them to commercialise their data for competitive advantage.”