Nine out of ten businesses have not made updates to their privacy policies ahead of the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, according to a survey by UK law firm Blake Morgan.
Other findings from the survey of 100 businesses across England and Wales show that 13 percent have updated privacy policies, while 23 percent are unaware of the new data protection laws. Furthermore, 39 percent have not taken any steps to prepare for the new law, and 38 percent are not confident they will be able to comply with GDPR by the deadline.
Over a fifth (21 percent) do not have a senior person in place responsible for data protection, despite the new law focusing on greater transparency as to how personal data is collected, retained and processed, making organisations more accountable and giving enhanced rights to those whose personal data is being collected and processed.
The law carries a significant fines regime of up to £17 million or four percent of worldwide turnover, whichever is greater, for the most serious breaches, as well as a requirement to notify personal data breaches within 72 hours where they are likely to result in a risk to people’s rights and freedoms.
Over three quarters of businesses (76 percent) have not put systems in place to ensure that data security breaches are notified in line with GDPR, and 77 percent have not reviewed their data processing contracts, though they will be under greater scrutiny under GDPR.
Simon Stokes, a partner at Blake Morgan who specialises in data protection law, said the survey “highlights that a significant proportion of organisations across the public and private sectors are still underprepared for these major changes to data protection law”.
He added that there “appears to be genuine confusion among many business leaders about what the new law means and how to achieve full compliance”, and noted that some survey comments show “a desire for clearer guidance and the mountain of work that many organisations believe they are facing because of the sheer volume of data and a limited timescale”.
Mr Stokes concluded: “GDPR Compliance is good corporate housekeeping. Not only will it avoid running the risk of financially and reputationally damaging fines or sanctions – ultimately it will assure the public’s trust in your organisation at a time when data privacy and security are more important than ever before.
“As the UK's data protection regulator ICO has recently highlighted, GDPR is essentially about trust.”
Blake Morgan provides legal services across the private and public sectors and has six offices: Cardiff, London, Oxford, Portsmouth, Reading and Southampton.