Danny McCance 17 Oct 2017 02:05pm

Nearly a third of directors have not heard of GDPR

Four in 10 directors said they were not aware of how the General Data Protection Regulation (GDPR), due to come into force in the UK next May, would affect their businesses.

Jamie Kerr, head of external affairs at the Institute of Directors (IoD), which conducted the research, points to the difference between those that are unaware and those already complying.

“On the one hand a lot of people either don’t know about it, don’t understand or don’t know whether they’ll need to be compliant with it, and on the other hand those that do are setting in place the right structures to make sure they are,” Kerr said.

“Quite frankly I’m not surprised by the figures from the IoD,” said Mark Taylor, ICAEW technical manager, technical innovation.

“They’re in line with the conversations we’ve been having with members, the public and other professional bodies, so this is not unsurprising,” he added.

Of those who were aware, 86% were very or somewhat confident of being compliant by the 21 May 2018 deadline.

“I’m positive about the figures with regards the levels of businesses that feel confident that they’re going to become compliant,” said Taylor.

“It shows that while not every director is necessarily aware, companies are making good progress towards becoming compliant – so that’s a useful statement in itself.”

Kerr said regulatory factors such as auto-enrolment, the apprenticeship levy, changes to the national living wage, new reporting requirements and businesses’ contingency plans approaching Brexit were pushing back compliance deadlines for smaller businesses.

The research also found that only half of directors had engaged with partners or vendors who they shared data with.

When asked where they would find information, the majority (52%) said they would speak to external private advisors and 45% said they would go to the government or Information Commissioner’s Office (ICO).

“This is an opportunity for ICAEW members, as they can take the skills that they have already with regards to understanding confidentiality and security,” said Taylor.

“They can use these as ways of advising their clients and trusted partners, and reassuring them about the methods and approaches that they can use to become GDPR compliant, and surrounding the use of good cyber security.”

“A lot is going to depend on the messaging being stepped up by the Information Commissioner’s Office and the government,” Kerr said.

“It would help if [people] are given step-by-step guidance through the process of complying with it.

“Possibly more than they are getting at the moment, as clearly that doesn’t seem to be filtering through.”

In June, research suggested that thousands of businesses would be at risk of being fined over GDPR, the maximum cost of which would be €20m, or 4% of annual turnover.