Too many bosses still in the dark about new data protection rules

17 Oct 2017

With only months to go until the new General Data Protection Regulation (GDPR) comes into force next May, a survey of business leaders today reveals that there are still a worrying number of companies across the country that are not aware of the costs, complexities and responsibilities associated with the new rules. The survey of almost 900 members of the Institute of Directors, carried out between July and August, shows that nearly a third of company directors have not heard of GDPR, while 4 in 10 don’t know if their company will be affected by the new regulations.

There appears to be a stark contrast between insufficient levels of general awareness on the one hand, and reasonable preparedness of companies who do know about the new rules on the other. Two-thirds of businesses who are aware of GDPR were either very or somewhat confident they fully understand how it will affect the running of their business. The new rules will redefine the way companies handle data and will include tougher punishments for those who fail to comply. Under current regulations, there is a maximum charge of £500,000 or 1% of annual turnover, but this is set to be replaced with a fine of up to €20 million or 4% of annual worldwide turnover. When asked whether they would be fully compliant with the regulations by the May 2018 deadline, 86% of businesses said they were either very or somewhat confident of being so.

The survey also revealed that half of directors had not discussed their own GDPR compliance arrangements with partners or vendors with whom they share data. Business leaders affected by GDPR said they were most likely to seek advice from external private advisors (IT consultants and legal firms), while many also said they would visit the government website or get in touch with the Information Commissioner’s Office. Meanwhile, one-third said they had in-house experts.

These results are being published alongside the IoD’s Digital Strategy Summit, with speakers including the Information Commissioner, Elizabeth Denham, and the Minister of State for Digital, the Rt Hon Matt Hancock MP. More information on this event can be found here.

Jamie Kerr, Head of External Affairs at the Institute of Directors, said:

“It was clear from the outset that this would be a mammoth task for small and large businesses alike, but the scale of the challenge has not necessarily translated into preparedness for the new regulation, despite the huge costs of non-compliance. The Government and the regulator must pull their weight on this issue, as it is set to have a significant impact on businesses across sectors and regions in the UK.

“It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months. GDPR also comes hot on the heels of a number of big regulatory shifts for business over the past few years. We should also not forget the potential of extensive preparations that will be needed as we depart from the EU. Taken altogether, it’s not the easiest time to do business in the UK.

“Company directors are being pulled in so many different directions it is unsurprising that many do not fully understand the details of GDPR.  That said, the regulator has a significant role to play in ensuring that SMEs, as well as larger firms, are fully compliant by May 2018. We urge the regulator to step up its engagement with businesses to ensure that they are spreading the message far and wide. In particular, however, it needs to emphasise in simple terms the criteria for compliance, what steps companies will have to take to comply and what the penalties are for not meeting the new standards. As a representative body, we will do our best to work with them to broadcast these messages.”

Full results

Survey conducted between 27 July – 10 August 2017*, 869 participants

Have you heard of GDPR?

Yes: 70%
No: 30%


Do you know if your company will be affected by the new rules under GDPR?

Yes (we will be affected): 48%
No (we will not be affected): 13%
Don't know: 40%


Of those that said they would be affected by the regulation:

How confident are you that you fully understand how GDPR will affect the running of your business?

Very confident: 18%
Somewhat confident: 48%
Neither confident or unconfident: 17%
Somewhat unconfident: 10%
Very unconfident: 6%
Don't know: 0%


Where are you/your team likely to go to find the best information and guidance on GDPR compliance and the steps your business should be taking to ensure you’re prepared?

Government website (gov.uk): 45%
Information Commissioner's Office (ICO): 45%
External private advisors (IT consultants/legal firms): 52%
We already have in-house experts: 30%
Other: 16%
Don't know: 1%


How confident are you that you will be fully compliant with the GDPR rules by 25th May 2018?

Very confident: 43%
Somewhat confident: 43%
Neither confident or unconfident: 9%
Somewhat unconfident: 3%
Very unconfident: 2%
Don't know: 1%


*figures may not total 100% due to rounding
