UK biz: Oh (yawn) GDPR? Was that *next* May? – survey

Be a love and check if we're a data processor. It should be on the internet somewhere

UK businesses are risking damaging fines by ignoring the implications of upcoming data protection rules, according to a new survey.

A poll of 2,000 businesses by YouGov exposed a significant lack of awareness and urgency among many businesses concerning the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. Only three in every 10 (29 per cent) have started preparing for the new data governance rules.

The majority of British businesses are unaware of the new wide-ranging data protection rules, despite 18 per cent admitting the maximum fine for non-compliance would force them out of business and 21 per cent saying it would lead to large-scale redundancies.

GDPR – which will replace existing data protection laws – represents the biggest change in 25 years to how businesses process personal information, according to law firm Irwin Mitchell.

Under the new rules, the maximum fine for data breaches in the UK will rise from £500,000 to €20m or 4 per cent of global turnover, whichever is larger. Despite this severe sanction that affects virtually all businesses, only 38 per cent of those quizzed said they were aware of the rules and 71 per cent are unaware of the new fines.

Joanne Bone, partner and data protection expert at Irwin Mitchell, the firm that commissioned the survey, said: “These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that the majority of organisations will not be compliant in time.”

Notification of certain data breaches where there is an impact on privacy, such as a customer database being hacked, must be made to regulators with 72 hours under GDPR. Only one quarter (26 per cent) of businesses expressed confidence that they would be able to detect a data breach within their organisation.

Other changes under the GDPR include an obligation to be more transparent about how personal data is used. Businesses will also need to have processes in place in case an individual asks for all their personal data to be erased.

Irwin Mitchell believes the low level of awareness of GDPR is caused by a number of misconceptions about the new rules, as well as a certain amount of complacency.

A third of businesses reckon GDPR will have no impact, claiming that the regulation is not an issue for their sector. A further 22 per cent claim it isn’t relevant to their organisation because they are not a consumer business.

According to Irwin Mitchell, the rules encompass a wide range of personal data including employee data, payroll and pension records. They also apply to sole traders and partnerships.

Irwin Mitchell’s Bone added: “Contrary to popular belief, personal data is not just consumer information. It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws.”

The survey also found that 19 per cent view the new data protection rules as an opportunity and 14 per cent said the rules will have a positive impact on their organisation. ®

Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022