PRESS RELEASE: 48% of London businesses still don’t think they are fully compliant with the GDPR

08 Aug 2018
  • Two months after the introduction of GDPR, 59% of businesses would not be fully confident when responding to a data breach.

48% of businesses in London and the South East do not think they are fully compliant with GDPR, two months after the new data protection rules came into force, says Collyer Bristow, a leading commercial law firm.

The survey of senior decision makers at companies in London and the South East by Collyer Bristow also reveals that:

  • 28% of businesses do not have a formalised Data Breach Response Plan – a further 11% of senior decision makers did not even know whether they had a plan
  • 59% of businesses would not be very confident if they were faced with a data breach under the new GDPR guidelines. 

Failure to comply with GDPR can have huge financial and reputational consequences for companies. For example, failing to report a serious data breach to the Information Commissioner’s Office (ICO) can result in a €10 million fine or 2% of global turnover. A data breach affecting large numbers of customers is likely to severely dent customer confidence.

Collyer Bristow says that in their experience, businesses are not as compliant with GDPR as they think they are. This is particularly critical in cases where a data subject raises a complaint and the ICO investigates the extent and effectiveness of a business’ data protection processes.

The new GDPR rules place stronger legal obligations on companies to take specific steps to collect, store, and use personal data more securely.

Patrick Wheeler, Head of Data Privacy at Collyer Bristow, says:

“Businesses run the risk of sleepwalking into serious trouble if they do not take GDPR seriously. The ICO can be expected to make full use of its extended powers to investigate and sanction businesses including imposing very big fines on the most serious offenders.”

Additional information