Eclipsed by the rising moons of Trump and Brexit, the EU General Data Protection Regulation (GDPR) is approaching fast.
And yet, with just 14 months until enforcement, very few businesses are prepared, let alone aware of what it entails, or its myriad implications. A Veritas study in December found less than half had set in motion any processes to make their businesses compliant.
“GDPR is all about good data governance, and those in the industry have been trying to preach this for years, but it seems to have fallen on deaf ears. Very few people have taken it seriously,” says Phil Beckett, managing director of Alvarez & Marsal. He thinks that GDPR has often been dismissed as an issue for IT bods, when in fact its implications flow back to the C-suite.
The regulations are an attempt to harmonise the different, often conflicting, data standards across the EU’s member states. The more pedantic among us might speculate that Brexit would negate GDPR – we are leaving the EU, after all. But it is extraterritorial by nature, enforcing several rights for EU citizens, wherever in the world they are.
For many businesses, GDPR demands a total restructure of how they handle, process and think about data – and what constitutes best practice. It’s impossible to cover the minutiae of GDPR, but there are four concepts UK businesses need to get to grips with prior to implementation.
What makes GDPR so relevant compared with previous directives is the hefty fines for compliance failure. “If you’ve got this wrong,” says Beckett, “it’s up to four per cent of your global turnover. And that brings it right up to board level – as something people should really take seriously.” He thinks the EU will be actively looking to make an immediate example of a high-profile target: “it’s one thing to put the rules in place, you then have to enforce them to make people realise they are real,” he says.