LONDON – Almost two-thirds of British businesses are unaware they could face fines of up to €20million with the introduction of new data protection laws, according to a survey done by YouGov for national law firm Irwin Mitchell.
The survey asked 2,129 businesses if they had heard about new General Data Protection Regulation (GDPR) rules, with 62% saying they had not.
At the moment, UK businesses can be fined up to £500,000 for infringing data protection laws.
However, this upper limit is due to skyrocket to €20million or 4% of a company’s global turnover, as of 25th May 2018. The report said it was “striking and concerning” that, although some businesses said they were aware of the upcoming changes, very few were aware of just how high the new fines could be.
Smaller businesses were least aware and so most at risk of being hit with large fines: only 22% said they had heard of the rules, compared to 43% of medium-sized and 56% of large businesses.
Other key findings:
- Only 57% of financial services companies knew about the changes, with media and marketing companies towards the bottom of the list, at 38%.
- When asked about the possible impacts of these new fines, almost a fifth of the businesses surveyed said they would go out of business.
- Almost a quarter said they thought it was unlikely or very unlikely that they would even be aware of a data breach if one occurred.
Although the new laws are being enforced from Brussels, Brexit won’t exempt British businesses from the changes: “It’s important to understand that Brexit does not mean that GDPR compliance efforts can stop. The government has made it clear that GDPR will be the law in the UK both before and after Brexit,” said Daniel Hedley, a partner at Irwin Mitchell.
“Any businesses that have put their compliance efforts on hold following the referendum result should restart them immediately,” he said.
There were a record number of fines in the UK for data breaches in 2016: the number of fines almost doubled in 2016 to 35, totaling £3.2million, up from £541,000 in 2011. Both the number and value of fines are predicted to rise after the new rules are implemented in 2018.
The new rules will force businesses to be more transparent about how customer data is collected and stored, and all data breaches will have to be reported to the regulator, the Information Commissioner’s Office, within three days.