Although the General Data Protection Regulation (GDPR) is set to be implemented a year from today (25 May), many businesses remain unprepared for the arrival of the new regulations, on a day when the UK information commissioner Elizabeth Denham has warned that business cannot afford to get it wrong.
New research from the Direct Marketing Association (DMA), which boasts more than 1,000 companies as members, has found that only 54 per cent of businesses feel they will be ready by this time next year – down from 68 per cent in February. Perhaps more worryingly, 24 per cent of companies have yet to start a GDPR plan.
Awareness of the GDPR sits at 96 per cent; however, the number of marketers who personally feel ‘extremely’ or ‘somewhat’ prepared fell from 71 per cent to 61 per cent.
“Despite high levels of awareness, with a year to prepare for the new laws, the number of businesses that believe they will be ready in time has dropped to just over half,” said Chris Combemale, CEO of the DMA Group. “Recent announcements and guidance from the ICO have caused much concern, that the interpretation of the laws is overly strict, penalising the companies most committed to best practice, honesty and transparency. What the industry needs is balanced and fair guidance from the ICO and Article 28 Working Party. With just 12 months to prepare we need this guidance urgently if we’re expected to be ready in time.”
The DMA’s research also found that marketers’ perceptions of how the GDPR will affect them have changed – with those believing they will be ‘very’ or ‘extremely’ affected rising from 44 per cent to 54 per cent. The biggest concerns of these marketers are consent, legacy data, implementing a compliant system, and profiling.
The DMA also reports that, since the Brexit vote, a net nine per cent of marketers said trade within the UK had decreased, while a net eight per cent said it had decreased within the EU and only two per cent believe trade with non-EU countries had increased. 93 per cent of marketers understand that the GDPR will happen regardless of the decision to leave the EU.
“As Britain’s role in the world changes, we must look at a global approach to free trade with free movement of data at its heart and the UK at the centre,” said Combemale. “Britain, as the leading digital economy, is well placed to be this global centre of innovation, skills and competencies driving global economic growth. But we need clear guidance from regulators or risk the consequences come 26 May 2018.”
Consumer credit reporting agency Equifax understands the importance of businesses understanding the potential consequences.
“The one year countdown to the implementation of GDPR brings an even greater responsibility to ensure security is first class,” said Steve Martin, data protection officer at Equifax, speaking of telco operators in particular. “A data breach under the regulation may result in heavy fines of up to either 4 per cent of global revenue or €20m, whichever is higher. The financial risk is significant to telco operators. Strategies need to be implemented to ensure appropriate management of data, including how it’s transferred, shared, stored and recovered.
“At the heart of the change is more transparency for consumers; companies must provide clear communication detailing how they manage and protect data from the outset. To avoid confusion, win consumers’ trust, and ensure data can continue to be used effectively, all parties in the data sharing chain need to work together to agree a common approach for privacy notices,” Martin continued.
“The financial penalty for a breach is high, but telcos mustn’t lose sight of the benefits of GDPR. It brings an opportunity to improve the public’s understanding of how their information is used and kept safe, and their rights to access, control and correct information held on file. To ensure this is achieved, companies must strike the right balance between compliance and a consumer-friendly approach.”