With the GDPR data protection regulation coming into force on 25th May 2018, a Symantec survey has revealed that 9 out of 10 businesses are not confident that they will be able to delete customer data on request.
Right To Erasure.
One of the many important impacts of GDPR will be the ‘right to erasure’, which builds upon the ‘right to be forgotten’ when it comes to customer data. Under Article 17, controllers will have to erase personal data “without undue delay” if the data is no longer needed, the data subject objects to the processing, or the processing of the data was unlawful. In short, if a customer asks you to delete all of the data you hold about them, you will have to do so quickly or face steep financial penalties.
Unfortunately a recent survey by security firm Symantec shows that 9 out of 10 businesses think it will be difficult for them to delete customer data if they receive a request, and only 4 out of 10 companies have a system currently in place that allows them to do so. This raises questions about how prepared UK businesses are for GDPR and how vulnerable they are to the risks of non-compliance.
Another finding of the same survey is that 35% of UK business and IT decision makers don’t think that their companies take an ethical approach to securing and protecting customer data. This highlights what appears to be a difference in attitude between companies and consumers about the importance of data security.
Data Protection Very Important To European Consumers.
Companies should take note, however, of how important an issue data security is to consumers across Europe. The Symantec report reveals that no less than 88% of European consumers think data security is the most important factor when choosing a company. A similarly high proportion (86%) think that data protection is even more important than product quality!
Not Prepared Yet.
With the introduction of GDPR less than 19 months away, one of the worrying factors highlighted by the Symantec report is how unprepared many UK businesses are. For example, 96% of companies don’t understand GDPR and 91% don’t think they’ll be able to comply with it.
It also seems that UK businesses have given GDPR a low priority despite its potentially serious impact. For example, only 22% of companies have made complying with the European security demands a priority over the next two years.
What Does This Mean For Your Business?
The new UK Information Commissioner Elizabeth Denham has already stated publicly that she would support the UK adopting EU data protection laws, even after Brexit. The fact is that GDPR is likely to come into force before Brexit anyway, and whatever happens GDPR will apply to organisations anywhere in the world that hold and process data about EU citizens. This means that UK businesses that haven’t started already should make GDPR a much higher priority and make sure that they are prepared to be able to comply in time for May 2018.
In fact, hardly any data will not fall under GDPR, which means your business will need to become very familiar very quickly with GDPR and its implications. GDPR will mean for example that: