Be ready for data protection reform

The European Commission first put forward its EU Data Protection Reform in 2012 with the aim of making Europe fit for the digital age.

In December 2015, an agreement was found with the European Parliament and the Council, following final negotiations between the three institutions (so-called 'trilogue' meetings). 

According to the European Commission, over 90 per cent of Europeans say they want the same data protection rights across the EU, and regardless of where their data is processed this will soon be a reality. The European Commission has stated that the Reform package will put an end to the patchwork of data protection rules that currently exists in the EU.

The Regulation is aimed at strengthening citizens’ fundamental rights in the digital age and facilitating business by simplifying rules for companies in the Digital Single Market. A single law is also intended to do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. 

However, according to findings that form part of quarterly Close Brothers survey of UK SME owners and senior management from a range of sectors, the majority of the UK’s small and medium sized businesses (SMEs) have either not heard of – or are uncertain about – the impact of the EU’s new data protection legislation, General Data Protection Regulation (GDPR), which was adopted in April 2016 and takes effect within two years. 

The Close Brothers survey found that 82 per cent of companies have either not heard of GDPR or don't understand its impact, and a further 14 per cent will need to take further advice. Only 4 per cent of SMEs say they understand the legislation and are clear about the effect GDPR will have on their business. “GDPR is one of the most significant and anticipated pieces of legislation conceived in the EU in recent years,” said Ian McVicar, managing director, Close Brothers Technology Services. “It is intended to strengthen and unify data protection for individuals within the EU. 

What these results demonstrate is that there is a clear lack of understanding at all levels and across all sectors.” McVicar highlights that one of the headline figures that has been focused on is the penalty for non-compliance, which is up to 4 per cent of annual revenue or €20 million, whichever is the higher. “We would like businesses to think positively about GDPR and understand how it can benefit both them and their customers,” he added.

Sean Callanan, director of Technology Services, said his company was currently working with International Data Corporation, which provides intelligence and advisory services to help demystify the regulation. “Our focus will be on the areas where technology can help businesses prepare for GDPR, because much of the regulation is actually about process,” he said. “However, some elements can only be enabled or managed through technology.” 

As Callanan points out, technology has a considerable role to play here. This is certainly something worth investigating and putting in place before the new rules come into force.