UK organisations by and large are preparing to comply with the General Data Protection Regulation (GDPR) despite the UK's planned departure from the EU, with 94 percent of those surveyed by the International Association of Privacy Professionals saying they're making preparations regardless of what Brexit might bring.
Data protection was widely seen to be in “limbo land” post-Brexit vote and raised questions about what organisations were doing to comply with GDPR, particularly with the expectation that the UK might have to develop its own regulation after exiting the EU, the IAPP study showed that it's “not very questionable at all what they're doing, it's very obvious what doing,” Rita Heimes, research director at IAPP, told SC Media.
“I'm not surprised at all,” she said. “GDPR is such a big deal in privacy circles that folks in UK and all of Europe, and the US and Canada are ramping up for it. Even if UK leaves EU they'll still comply with GDPR.”
The results from the survey of privacy pros at more than 200 UK organisations run counter to findings in Dell's 2016 global study, which revealed that about 80 percent of respondents were not aware – or were barely aware -- of GDPR with 97 percent saying they had no plan to comply.
“The Dell report we referenced showed that no one is getting ready for GDPR or haven't heard of it, and that might be true if surveyed companies in general and people in general public,” said Heimes. The IAPP study, though, targeted privacy professionals at UK organisations for who put a premium on privacy and compliance with the stricter regulation and avoidance of the harsher fines set by GDPR.
“Privacy is a pretty consistent fundamental human right in the EU, and it's very important to the EU to maintain and develop stronger data protection standards,” Heimes said of the GDPR, which has broader jurisdictional reach.
To prepare, two-thirds of the UK organisations surveyed said they were developing new internal privacy accountability frameworks while 58 percent are ponying up budget dollars to train their staffs and employees in privacy matters.
Two out of three are creating a new internal privacy accountability framework. Similarly, they are making sure this is an organisational effort. Well over half, 58 percent, are investing in privacy training for their staff and employees, which tracks, Heimes said, with IAPP's expectations for “a huge surge in number of people who need to be privacy professionals.”