INDUSTRY FOCUS
UK companies could be exposed on DP laws post-Brexit
Mythology about European laws not impacting the UK post-Brexit has resulted in more than a quarter of British businesses in the retail sector cancelling all preparation for the EU General Data Protection Regulation (GDPR) on the misunderstanding that it will not apply.
The GDPR regulation, which has been years in the pipeline, is designed to harmonise data protection regulation throughout Europe and provide citizens with more control over their personal data.
It has been ratified by the UK and is due to come into force in May 2018 – almost certainly before Britain completes its exit from Europe.
However a survey of IT decision makers in the retail sector by information management experts Crown Records Management has revealed that:
- 27 per cent have cancelled all preparations because of Brexit – only banking returned a higher result.
- A further 3 per cent have not even begun preparation.
- 47 per cent think the regulation will not apply to UK businesses after Brexit.
- 6 per cent don’t have plans for staff training on data protection.
John Culkin, Director of Information Management at Crown Records Management, believes the results are alarming.
He said: “For so many businesses in the retail sector to be cancelling preparations is a big concern because this regulation is going to affect them all in one way or another.
“Firstly, it is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens.
Information Commissioner Elizabeth Denham has told businesses there’s no time to delay in preparing for “the biggest change to data protection law for a generation”.
Addressing company Boardrooms, Denham called on businesses to see the commercial benefits of sound data protection and act now to ensure they’re fully compliant with the GDPR by the deadline 25 May 2018.
Denham explained: “If your organisation cannot demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. There’s a carrot here as well as a stick: make sure data protection is right and you can see a real business benefit.”