The UK’s Institute of Directors has raised concerns that a worrying number of companies are not aware of the impact of the new General Data Protection Regulation (GDPR).
With only months to go until the new rules come into force next May, the institute says many companies are yet to fully understand the costs, complexities and responsibilities associated with them.
The survey of almost 900 IoD members shows that nearly a third of company directors have not heard of GDPR, while four in 10 don’t know if their company will be affected by the new regulations.
It says there appears to be a stark contrast between insufficient levels of general awareness on the one hand, and reasonable preparedness of companies who do know about the new rules on the other.
Two-thirds of businesses who are aware of GDPR are either very or somewhat confident they fully understand how it will affect the running of their business.
The new rules will redefine the way companies handle data and will include tougher punishments for those who fail to comply.
When asked whether they would be fully compliant with the regulations by the May 2018 deadline, 86% of businesses who were aware of the changes said they were either very or somewhat confident of being so.
The survey also revealed that half of directors had not discussed their own GDPR compliance arrangements with partners or vendors with whom they share data.
Jamie Kerr, head of external affairs at the Institute of Directors, said: “It was clear from the outset that this would be a mammoth task for small and large businesses alike, but the scale of the challenge has not necessarily translated into preparedness for the new regulation, despite the huge costs of non-compliance.
“It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months.”