Almost a quarter of UK businesses have brought in a new hire specifically to make sure they comply with the new EU General Data Protection Regulation, according to a study.
With the threat of fines of up to 20 million euros looming and less than eight months to go until the wide-ranging regulations come into force, research from learning provider Litmos Heroes discovered that 22 per cent recruited new staff to tackle the impending changes.
However, 11 per cent of the 500 UK business owners and decision makers that took part in the survey admitted they don’t know which of their current team members would handle the responsibility of making sure the business was GDPR-ready.
Sixty per cent admitted that they don’t have any plan in place to ensure their current staff are trained and know what is expected of them after the May 25, 2018 deadline.
And although they are considered to be the custodians of data protection in many UK businesses, the study found that one in ten IT businesses haven’t even heard of GDPR.
Worryingly, four per cent of IT service businesses admitted that they don’t currently comply with existing UK data protection laws – and 20 per cent confessed to having inadequate safeguards in place right now to protect customer data.
Tom Moore is managing director of Litmos Heroes, which is leading the charge for better training and awareness raising of the impending changes across UK plc.
“Now is the time for businesses to act, before the multi-million-pound fines come into play. It’s not too late,” he said.
“Our study paints a stark picture of how seriously – or not – some UK businesses are taking GDPR. On the plus side, it’s fantastic to see that around a quarter of businesses are recruiting new talent to tackle the GDPR changes head on.
“However, the findings raise a number of concerns and it seems that some businesses really need to be reminded about the impact of these new regulations.
“Let’s be clear: If any organisation handles the data of an EU citizen – whether Brexit or no Brexit – it will apply to them.
“I think one of the really staggering outcomes of this study is that, as custodians of many organisations’ data protection controls, so many IT businesses are under-prepared.”
Across all sectors in UK plc, almost 30 per cent of business decision makers are totally in the dark about the law changes. More than 30 per cent said they have done nothing at all towards becoming GDPR-ready – and ten per cent said they don’t plan to.
The research, which was carried out to mark the launch of Litmos Heroes’ new GDPR course for global businesses and SMEs, found that nine out of ten admitted that if the regulation was introduced tomorrow, they wouldn’t be ready.
“Around a quarter of the people included in our survey said they didn’t think GDPR would be strictly enforced,” added Moore.
“But come May 2018 they still need to be ready, because this is going to be enforced whether they like it or not.
“It’s this stark picture – and the worrying lack of knowledge and general awareness about GDPR – that has encouraged our team to produce a need-to-know video training module to help businesses and leaders get GDPR-ready.”
The GDPR was adopted into law by the EU Parliament in April 2016 and, from May 25, 2018, it will apply to all companies processing and holding the personal data of people who live in the EU, regardless of where the business is located.
It was designed to make sure that data privacy was standardised across Europe, to protect citizens’ data privacy and to reshape the way that businesses right across the region think about and implement data privacy.
The penalties for failing to comply are potentially huge. Organisations that fail to meet the regulation can be fined up to four per cent of their annual global turnover, up to a maximum of 20 million euros.
Litmos Heroes says it is saving the world from boring learning with a library of hundreds of engaging learning modules and thousands of blended learning resources.