6 April 2017 | Jamie Harris
Businesses are being warned not to cancel preparations for the incoming EU General Data Protection Regulation (EU GDPR), regardless of the UK having begun the process of withdrawing from the European Union.
A survey of 408 IT decision makers, conducted by Crown Records Management, found that a quarter of respondents have cancelled preparations for the legislation, due to come into force in May 2018.
Four per cent of respondents said that they had not begun any preparatory work, while nearly half (44 per cent) said that they thought the regulation will not apply to UK business after the UK has left the EU.
The regulation is designed to harmonise data protection regulation, providing individuals with more control over their personal data.
John Culkin, director of information management at Crown Records Management, said that cancelling preparations is a big concern.
He said: "This regulation is going to affect them all in one way or another.
"Firstly, it is likely to be in place before Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses that handle the personal information of European citizens.
"When you consider how many EU citizens live in the UK it's hard to imagine many businesses here being unaffected.
"The reality is we are likely to continue to see stringent data protection in an independent UK rather than a watered down version."
Despite Culkin's concerns, the survey did find that 70 per cent of respondents from organisations with more than 100 employees have appointed a data protection officer, one of the requirements of the regulation, and half have introduced staff training.
Data breaches of the EU GDPR could result in fines as high as 20 million.