With exactly 12 months to go before the biggest shake-up of data laws in a generation comes into force, data protection experts have joined forces to urge UK companies to act now before it is too late.
While recent GDPR coverage has concentrated on dire warnings of the consequences of non-compliance – with dire warnings being issued almost daily – Information Commissioner Elizabeth Denham has used the countdown to promote a more measured approach. In a blog post she said: “The large fines for getting it wrong are the obvious headline here for the business world, driving the importance of data protection to an executive level.
“But there’s a carrot here as well as a stick, and as regulators we actually prefer the carrot. Get data protection right, leverage it to your advantage, and the business benefits could pay dividends.”
As part of its new drive, the ICO has also relaunched its 12 steps to take to prepare for GDPR, with updated guidance and increased focus on the need to act now to prepare for May 2018 as well as an updated data protection toolkit for SMEs which goes live on the ICO website, including a new element focused on getting ready for GDPR.
Denham added: “With just one year to go until the law is implemented, there is no time to delay preparing for it. This is about more than the legislation: it’s about good customer service and building trust with your consumers.”
Ctrl-Shift chief executive Liz Brandt agrees. She said: “Businesses that act now can prosper from GDPR. It does not have to be a burden, but can instead be an opportunity. It enables businesses to totally reframe their consumer relationships, build trust and deliver more valuable services.
“By acting now and thinking big, some businesses will gain significantly from GDPR.”
Meanwhile Ashley Winton, partner at law firm Paul Hastings and chairman of the UK Data Protection Forum, has urged firms to pause and check that they will get to the finish line in time.
He added: “Many companies are undertaking a detailed GDPR gap analysis or sophisticated data mapping, and whilst they can be useful tasks in themselves, it is worth re-examining them to see if they can be simplified in order to bring forward key remediation tasks.
“For many companies, GDPR compliance will be greatly assisted by alterations to existing databases and technologies, and so in the GDPR compliance triage, an immediate focus on technology could be a lifesaver. In the UK there will be no grace period for compliance with the GDPR so with 365 days to go and counting, now is the time for businesses to re-assess their approach to becoming compliant.”
But Denham concluded: “You do need to act, and soon. There really is no time to waste.”
GDPR countdown fuels warning of 4,500% rise in fines
84% of UK SMEs have still not heard of EU data reforms
ICO’s 2016 fines would rocket to £69m under GDPR
TalkTalk could have faced £70m fine under GDPR
20% of firms fear ruin as GDPR panic spreads globally
ICO insists GDPR guidance will cover legitimate interest
Industry on alert over third-party data legal crackdown
DMA joins forces in bid to demystify legitimate interests
GDPR consent updates spark chilling warning to brands
GDPR compensation to dwarf £30bn bill for PPI claims