A survey carried out by the Institute of Directors (IoD) has suggested that almost a third of company directors have not heard of the new General Data Protection Regulation (GDPR).
The GDPR comes into effect on 25 May 2018, and will strengthen the obligations on all businesses in regard to the safeguarding of individuals’ personal information. Firms must be accountable for their data usage, and must identify a lawful basis for processing personal data.
The IoD surveyed almost 900 businesses and found that four in ten company directors don’t know if their business will be affected by the new data protection rules.
It also discovered that half of directors have not discussed GDPR compliance arrangements with individuals with whom they share data.
Commenting on the findings, Jamie Kerr, Head of External Affairs at the IoD, said: ‘It was clear from the outset that this would be a mammoth task for small and large businesses alike, but the scale of the challenge has not necessarily translated into preparedness for the new regulation, despite the huge costs of non-compliance.
‘It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months.
‘We urge the regulator to step up its engagement with businesses to ensure that they are spreading the message far and wide.’
Businesses who fail to comply with the GDPR will face fines of up to €20 million, or up to 4% of total annual worldwide revenue, whichever is the greater.