Out-Law News 1 min. read
31 Mar 2017, 4:43 pm
According to research by information management company Crown Records Management, 24% of UK businesses have stopped all preparations for achieving compliance with the new General Data Protection Regulation (GDPR).
The survey, of 408 IT decision makers at UK companies that employ between 100 and 1,000 employees, also found that 44% of UK businesses do not believe the GDPR will apply to UK companies once the UK formally exits the EU.
The GDPR will apply from 25 May 2018, which is prior to the date that the UK is due to formally exit from the EU.
The UK government delivered formal notification to the EU of the UK's intention to leave the EU under article 50 of the Treaty on European Union earlier this week, beginning a two-year process of withdrawal from the trading bloc, subject to an extension which must be agreed by all member states.
Even if the UK decides post-Brexit to change data protection laws relating to the processing of UK citizens' personal data, UK businesses would continue to be subject to the GDPR where when processing the personal data of EU citizens.
The Institute of Directors recently highlighted the GDPR as legislation that businesses in the UK need to prepare for in a report in which it warned that a "worrying number" of UK businesses lack a plan for dealing with cyber attacks. The GDPR will require organisations to disclose major data breaches, including those stemming from cyber attacks, to data protection authorities and affected customers.
“We’ve not heard that people have stopped preparing [for the GDPR]," an ICO spokesperson told Out-Law.com. "However, we do recognise there’s a long way to go for organisations to be ready for GDPR. We are committed to helping organisations prepare and have a dedicated data protection reform website, which contains lots of advice and will be updated regularly."