5th July 2017
GDPR: One year to compliance and opportunity
Compliance with the European Union’s (EU’s) General Data Protection Regulation (GDPR) is set to be enforced in a year’s time, on 25 May 2018, and the consequences for non-compliance could be steep, with fines of up to €20m or 4% of global turnover, whichever is greater.
The race is on for many UK organisations to ensure they are compliant by the deadline. The government has made it clear that the UK will implement the GDPR fully and that future UK data protection legislation will mirror the GDPR to ensure uninterrupted data flows.
However, a survey by software firm Compuware indicates that while 38% of 400 CIOs worldwide have comprehensive plans for GDPR compliance, only 19% of CIOs polled in the UK said they have comprehensive plans in place, which marks only a marginal improvement from 18% in 2016.
Identifying the areas of most concern, 56% of all respondents said data complexity and ensuring data quality are the two biggest hurdles they will need to overcome to achieve GDPR compliance.
In addition, 75% of organisations said the complexity of modern IT services means they cannot always know where all customer data resides, while just over half (53%) said they could locate all of an individual’s data quickly, as will be required to comply with the GDPR’s “right to be forgotten” mandate.
Nearly a third (31%) admitted that, at present, they couldn’t guarantee they would be able to find all of a customer’s data.
“It’s worrying that, with only a year to go, many organisations still have a lot to do,” says Mark Thompson, global privacy advisory lead at KPMG.
“The truth is that many just don’t understand what they have to do and how to deal with it. The unknowns around Brexit have also posed some uncertainty on what GDPR will mean to the UK post-Brexit.
“When it comes to Brexit, it is critical to understand that if the UK is going to continue to trade with the EU, the free flow of personal information must be maintained. As such, we have to have an adequate privacy ecosystem in operation in the UK which is aligned to the requirements of the GDPR,” he says.