Karen Bradley MP, Secretary of State for Culture, Media and Sport (CMS), has confirmed that the UK will more than likely go ahead with implementing the EU GDPR in May 2018, which has been reinforced by Information Commissioner Elizabeth Denham. With this in mind, Christine Andrews, MD at DQM GRC commented below.
Christine Andrews, MD at DQM GRC:
“This might be the wakeup call needed for the 18.4% of organisations who admitted they will require 12-24 months to make the necessary changes the General Data Protection Regulation (GDPR) demands – but we’re not at all surprised by this news. The UK ICO was active in helping to shape the new EU GDPR, and it’s clear that if UK companies want to trade with Europe they’re going to need to comply with it. Not at least because the new regulation will be in force from May 2018, and as we’ll still be in Europe at this time, the GDPR will apply to all UK companies.
More importantly, organisations should actually want to achieve the highest standards in protecting their customer data – and go beyond the demands of the GDPR. With the potential fines of up to 4% of global revenues with the new legislation, damage from a data breach is likely to be far more impactful than just a company’s reputation being tarnished. We have been strongly advising our clients to get started on ensuring they comply at the earliest opportunity, and they’re listening too – our GDPR RADAR™ assessment is beginning to fly off the shelves!”