UK biz: Oh (yawn) GDPR? Was that *next* May? – survey

UK businesses are risking damaging fines by ignoring the implications of upcoming data protection rules, according to a new survey. A poll of 2,000 businesses by YouGov exposed a significant lack of awareness and urgency among many businesses concerning the General Data Protection Regulation (GDPR), which comes into effect on …

  1. Your alien overlord - fear me

    So, Facebook and Google - in the 33% not applicable to us or the 22% we're not a consumer business?

    1. Anonymous Coward

      The 1% "we've got enough lawyers to push our luck for a few years" boat.

  2. This post has been deleted by its author

    1. Mark 110

      Re: Brexit?

      It's going to be UK law regardless of Brexit. Whether a future UK government changes it after Brexit is another matter.

      1. Hawkeye Pierce

        Re: Brexit?

        It's also going to apply to anyone wanting to do business with, or in, an EU country regardless of where you are based. So whether or not a future UK government "changes it", you'll need to comply if you want to do business in the EU (and if you believe that any penalties under GDPR will be enforceable).

        1. JimmyPage
          Flame

          Re: Brexit?

          And because the UK isn't a member of the EU at that point, they'll have to suck it up. No way to make any changes if we don't like it.

          Like every other EU regulation that will need to be complied with if the UK wants their business.

  3. Anonymous Coward

    Does it apply to Cambridge Analytics? Or is their damage already done?

  4. LDS Silver badge

    "21 per cent saying it would lead to large-scale redundancies"

    That's how they're going to fight it in courts...

  5. EnviableOne Silver badge
    Stop

    It's already law

    It's law now, and has been for a year; it's just not being enforced until May 2018, and the Brexit process, AKA Article 50, doesn't finish until May 2019.

    GDPR in terms of its rights and responsibilities is not so different to DPA; it's just that you need to prove your compliance with GDPR and that of your subcontractors, who can be sued jointly or severally (rather than just you taking the can).

    The other changes bring in some intervening regulations like the right to be forgotten and data portability.

    Even post-Brexit it's likely to be kept, as the ICO wrote a lot of it. There may be some issues with enforcement though, as ICO don't really have the staff to handle the amount of work involved. (I've heard from reputable sources they need approx 10x the staff and DCMS won't stump up the cash.)

    On top of all this, we are still waiting for how the national derogations will pan out, so nothing has really changed since May last year, and a lot of things still need ironed out.

    1. phuzz Silver badge

      Re: It's already law

      "€20m or 4 per cent of global turnover"-fines should help pay for some more staff.

  6. GingerOne

    But surely it's applicable to every business. If you hold data on a person then you must comply. Every website that uses user profiles (El Reg - are you compliant?) anyone that takes payment in any form other than cash. If you hold my data then I will be able to ask for ALL of the details you have on me and be able to ask for you to delete them, ALL of them, including from backups (if I understand it correctly).

    There are going to be some very, very rich lawyers and a lot of businesses going to the wall. Sadly, it'll mostly be small companies that go under. The monoliths will get through it all I'm sure (more's the pity).

    On the plus side there will be more work for anyone currently involved in the PPI stuff as that fizzles out and a whole new raft of GDPR IT professionals.

  7. Tony S

    From my own observations, although many businesses might say that they are aware of the detail and are starting to work on it, I suspect that in reality, the person answering the survey has said that to make it sound like they are trying to get on top of it.

  8. Anonymous Coward

    GDPR could become the next EUVAT stink

    GDPR affects every single business, small trader, voluntary organisation, sports club whether you have electronic records or manual records, or whether you are in IT, or just run something as simple as a hairdressers.

    Maintain a list of members, or customers, or suppliers, use email and you're pretty much certain to need GDPR compliance. Unlike the DPA where you just had to fill a form in and pay a fee, under GDPR you have to demonstrate you are compliant - documents, policies, training, supplier contracts (eg gmail) and potentially audits - the whole bureaucratic shebang.

    That means every single organisation in the UK has to audit and document its data, data policies and have mechanisms for consent management and security in place. If it costs a minimum of 2 days consulting time or equivalent at £400 per day - for the UK's 5.5m+ businesses, that's an implementation cost of at least £4bn. Once it gets better known among haulage companies, and taxi-drivers and the folk who run the football clubs I can see there being the most humongous stink about GDPR - it is a classic bureaucrat's solution with much too much 'you must' instead of just leaving it at 'you must not'.


Biting the hand that feeds IT © 1998–2020