IT & telecoms firms risk damaging fines

Almost half (44%) of IT & telecoms companies are unaware of the new wide-ranging data protection rules which come into force in less than a year’s time - despite 17% admitting the maximum fine for non-compliance would force them out of business, whilst 12% said it would lead to large-scale redundancies.

Wednesday, 31st May 2017, by Phil Alsop

According to a YouGov survey of 314 IT & telecoms companies, which was commissioned by national law firm Irwin Mitchell, 56% admit to being aware of the new General Data Protection Regulation (GDPR) which comes into force on 25 May 2018.
 
GDPR represents the biggest change in 25 years to how businesses process personal information and it replaces existing data protection laws.
 
Under the new rules, the maximum fine for certain data breaches in the UK will rise from £500,000 to €20 million or 4% of global turnover, whichever is larger.
 
Forty-eight per cent of IT & telecoms companies are unaware of the new fines and 17% say they would go out of business if they received the maximum punishment. Twelve per cent think they would need to make significant job cuts, with a further 27% admitting that smaller-scale headcount reductions will be necessary.
 
Joanne Bone, partner and data protection expert at Irwin Mitchell said: “These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that a large number of IT & telecoms companies will not be compliant in time.
 
“It’s a staggering statistic but 90% of the world’s data was only created in the last two years. Data is at the very heart of every telecoms operation and by 2020, there will be ten times the current amount of mobile data and much of it unstructured. The time to install the right data shields and internal compliant controls to minimise the risk of breaches is now.”
 
Certain data breaches where there is an impact on privacy, such as a customer database being hacked or a letter being put in the wrong envelope, must be reported to the Information Commissioner’s Office (ICO) within 72 hours under the new regime.
 
However, Irwin Mitchell’s survey found that just 34% of IT & telecoms companies are certain that they would be able to detect a data breach within their organisation. Just 37% say they are confident they would notify the relevant stakeholders within the required timescale of three days.
 
Other changes under the GDPR include an obligation to be more transparent about how personal data is used. Businesses will also need to have processes in place in case an individual asks for all their personal data to be erased.
 
Irwin Mitchell believes the low level of awareness of GDPR is caused by a number of misconceptions that exist about the new rules and says this has led to a level of complacency.
 
This view is supported by 18% of respondents claiming that GDPR will have no impact and is not an issue for their sector. Thirty-one per cent claim it isn’t relevant to their business as they are not a consumer business.
 
The reality is that the rules encompass a wide range of personal data including employee data, payroll and pension records. They also apply to data in a business context where individuals are concerned, such as sole traders and partnerships.
 
Irwin Mitchell’s Joanne Bone added: “Contrary to popular belief personal data is not just consumer information. It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws.”
 
The survey revealed that only 35% of IT & telecoms companies view the new data protection rules as an opportunity and 23% said the rules will have a negative impact on their organisation.
 
Commenting on this finding, Stuart Padgham, partner & National Head of Commercial at Irwin Mitchell, said: “It is important to recognise that taking a proactive approach towards GDPR compliance will potentially reap financial benefits. Good data governance can build customer trust and the right permissions can also help businesses take advantage of the Big Data Revolution and enable them to commercialise their data for competitive advantage.”