BBC Publishes Article Describing GDPR Panic Among Businesses

Today the BBC published a news article on the panic many businesses are now in over the imminent implementation of the GDPR in May 2018.

According to the BBC article, some research indicates just 29% of UK businesses have begun to prepare for the GDPR. Another forecast was that European financial institutions could face fines of nearly €5 billion in the first 3 years following the GDPR’s coming into force.

The BBC article highlighted the way the GDPR changes how entities will be able to handle and use individuals’ personal data. One of the key changes highlighted in the article relates to cybersecurity.  The BBC highlighted the provisions requiring data breach notification to the relevant national data protection authority within 72 hours. This is a particularly salient provision in light of the storm of cyber-attacks that companies have had to contend with in the past few weeks, notably ransomware such as WannaCry and Petya.

Individuals’ rights are also greatly increased under the GDPR. By way of example, from May 2018 they will be able to demand that their data be erased (the “right to be forgotten”).

The BBC also highlights the risk of non-compliance. Firms that breach the rules under the GDPR may face fines of up to 4% of the group’s annual worldwide turnover. A spokesperson for the ICO, the UK’s data privacy watchdog, has stated that companies which place great store in protecting individuals’ personal data and market themselves as doing so will gain a competitive advantage over others.

Unfortunately, many businesses are unsure how to start the process of making the necessary operational changes to become GDPR compliant.  Research on preparedness for the GDPR has also indicated that a majority of companies affected by the new rules may not even be aware that they are subject to the GDPR. The BBC cautioned that if businesses do not take responsibility for GDPR implementation at the most senior levels of a company, the company will likely fail to become compliant by the fast approaching May 2018 deadline.

The BBC article is available here: