Many organisations were underestimating the impact of the General Data Protection Regulation (GDPR) and were inadequately prepared, with some still in the dark or confused about its implications, HR and payroll outsourcing firm MHR claimed.
Due to come into force on May 25 2018, GDPR is widely believed to be the biggest change to the management and processing of personal data since the Data Protection Act 1998.
More rigorous processes
Changes to the law include more rigorous processes for an individual’s consent to data usage, and a ‘right of erasure’ if an individual withdraws consent.
Non-compliance can result in fines of up to €20M or, if higher, 4% of an organisation’s global turnover.
Despite this, a recent survey of heads of HR, payroll managers, IT and financial directors carried out by MHR revealed that 68% had not yet received any GDPR awareness training.
Meanwhile, a further 53% had yet to assess and appoint a data privacy officer, a mandatory obligation for some companies – and one that could become more challenging given the predicted shortage of suitable candidates, MHR said.
Fines for non-compliance
Given the level of fines for non-compliance, organisations could ill afford to pay lip service to the new regulations and faced a race against time to get their houses in order and protect their businesses, claimed MHR chief commercial officer Tim Johnson.
“As the introduction of the GDPR draws ever nearer, the media is littered daily with lots of scaremongering articles, false statistics and contradicting information about what organisations must do to enforce compliance, resulting in widespread confusion and a general lack of awareness and understanding of its application,” he said.
To help manufacturers get GDPR ready, MHR is running a series of workshops throughout the UK this month. Visit MHR for more information.