Nine out of 10 businesses have still not made crucial updates to their privacy policies ahead of GDPR, according to a new survey. As time runs out to comply with the General Data Protection Regulation, the survey by law firm Blake Morgan found many organisations may be at risk of non-compliance, exposing them to regulatory action and reputational and brand damage.
With the massive growth of the digital economy, GDPR represents the biggest shift in data protection for many years and all organisations which retain or process personal information will need to comply.
The new law focuses on greater transparency as to how personal data is collected, retained and processed, makes organisations more accountable and gives enhanced rights to those whose personal data is being collected and processed.
It is backed up by a significantly higher fines regime, with penalties for the most serious breaches of up to £17 million or four per cent of worldwide turnover, whichever is greater, and by a requirement to notify personal data breaches within 72 hours where they are likely to result in a risk to people's rights and freedoms.
Blake Morgan’s research revealed just over 10 per cent of those surveyed had updated their privacy policies to comply with the new law, while only a quarter had put in place systems to ensure data security breaches were notified in line with GDPR.
Simon Stokes, a partner specialising in data protection law at Blake Morgan, said: “Our survey highlights that a significant proportion of organisations across the public and private sectors are still underprepared for these major changes to data protection law.
“There appears to be a genuine confusion among many business leaders about what the new law means and how to achieve full compliance.