17 October 2017
Firms risk millions under looming data protection laws
Businesses are unprepared for new data protection rules that come into force in 2018, risking millions of pounds in fines, the Institute of Directors is warning.
The new laws, which come into force in May next year, govern how companies create, capture, store and share customers' data - and yet a survey shows 30% of directors have never even heard of them.
The maximum fine for non-compliance is £20 million, or 4% of annual turnover, which could amount to hundreds of millions for larger companies, like Facebook.
The social media giant, which was fined £150,000 in France for mishandling user data, could face financial sanctions of up to £500 million under Britain's new rules.
Despite the severity of the fines, the survey of 900 institute members finds that companies are worryingly unprepared for the introduction of the new laws.
Around four in 10 companies are unaware if they will be affected by the new rules, and half of directors have yet to discuss compliance arrangements with partners or third-party vendors with whom they share data, which will soon be required by the law.
Jamie Kerr, head of external affairs at the Institute of Directors, says responsibility for ensuring companies are ready falls upon the Information Commissioner's Office, which will be enforcing the law.
He said: "We urge the regulator to step up its engagement with businesses to ensure that they are spreading the message far and wide.
"In particular, it needs to emphasise in simple terms the criteria for compliance, what steps companies will have to take to comply and what the penalties are for not meeting the new standards."
Corporate and commercial partner Alex Zachary can assist businesses to implement change ahead of the GDPR legislation deadline. Contact 01753 279022 or email firstname.lastname@example.org for more details.