GDPR: The race to comply

With the deadline for GDPR compliance now just over a year away, some companies are on their way to being compliant, while others are making preparations and putting aside budgets for fines.

GDPR, which is set to apply in the UK from the 25th of May 2018, will replace the current Data Protection Act 1998, that the UK relies on for its data compliance rules. In essence, GDPR will standardise rules throughout the EU, in an age of mass digitalisation, allowing customers more control over their information, and enacting tougher penalties for data breaches and non-compliance.

Responses from a local government information survey by the Information Commissioner’s Office (ICO), carried out at the end of 2016 however, show that among other organisations, councils in the UK have their work cut out for them in order to ensure they comply by May 2018.

The survey, which was conducted at the end of last year, quizzed 173 councils and found that many were not prepared for the more stringent data regime, which will come into effect from May 2018, with a significant number failing to even hire a data protection officer – a lawful requirement under the GDPR.

The survey, conducted by the ICO reveals that fewer than 18 per cent of councils have fully completed an Information Asset Register, and only 52 per cent are ensuring that third-party data processors have contractual obligations imposed upon them to meet the security requirements of data protection.

Since the announcement of the new regulatory constraints, digital consultants around the world have been pivoting their efforts to ensure customers remain comfortable that keeping business with them will mean compliance with new EU laws. Indeed, IBM have been the most recent company to announce that they are tripling their efforts to ensure clients are still able to take advantage of cloud innovations, through the looking glass of GDPR.

Speaking with ITPro, general manager of IBM’s analytics platform and cloud data services said: “We have clients in the EU, in the UK, US and other geographies – all of them are struggling with how to take advantage of the innovation that occurs in the cloud. It is an ongoing investment, and a priority for us. Compliance, governance and data – those are the three pillars that we orient a lot of our strategy and thinking behind.”