Many businesses' attitudes to GDPR are 'bordering on negligent'

Despite the data protection regulation being implemented in 2018, 69% of IT decision makers don’t have the backing of their board to achieve GDPR compliance, according to Calligo.

Some business owners’ awareness of how Europe’s General Data Protection Regulation (GDPR) will impact their business is “bordering on negligent”, said Adam Ryan, chief commercial officer of Calligo, a cloud service provider offering mid-sized companies data privacy and security.

“There is an alarming lack of knowledge,” he said, speaking at a GDPR panel debate on Thursday.

Ryan argued that many board-level individuals are not engaging with GDPR because they do not want to take the blame if something goes wrong.

“GDPR is driving a truck through one of my clients’ business model as far as I can see,” said Ryan, speaking about a company that runs a B2B introductory lead generation system.

“Their response [to GDPR] is ‘we really need to do something about that’. Their level of awareness was bordering on negligent because this is their core business and core value to their customers.

“For some businesses, GDPR fundamentally changes how they operate,” he added.

Is GDPR enforceable?

Julian Box, co-founder of Calligo, argued that many businesses are ignoring GDPR because they don’t believe that regulators will be able to enforce the regulation.

Many of GDPR’s processes should have been put in place years ago, argued Robert Bond, solicitor and notary public and a certified compliance and ethics professional.

“GDPR is not prescriptive. Everyone is waiting for ten boxes to tick but it is not about that,” said Bond.

Every business will have to work out what its risk appetite is and how it can implement processes for the procedures to be accountable.

Box agreed: “You can’t be GDPR compliant. GDPR is every that makes you non-compliant literally a second later. We go out of our way to never use that word compliant.

“Wetherspoon’s deleted a huge chunk of their customer data as they thought it wasn’t worth the risk. That doesn’t work for all business but I thought that was quite an educated response.”

However, Bond said that once a company has started implementing procedures to meet GDPR expectations, businesses should market it as a competitive advantage.

The EU’s data protection is about privacy, not IT security 

Ryan pointed out that many companies are taking a technology-focused response as they look to improve security, “but this isn’t all about security, it is about privacy. People are keeping data that they shouldn’t have. It might be protected but they shouldn’t have it in the first place,” he said.

“Wetherspoons has deleted a huge chunk of its customer data as it thought it wasn’t worth the risk. That doesn’t work for all business but I thought that was quite an educated response. The management thought it just wasn’t worth it.

“You need to understand why you have data and what legal framework for keeping data you have anyway,” said Ryan.

Several people on the panel predicted “ambulance chaser” law firms offering ‘no win, no fee’ court cases if a business was found to be holding illegal data under GDPR.

Once consumers know what their rights are, there will undoubtedly be those with grievances against businesses that will use GDPR to air those grievances, panellists agreed.

Bond argued that compliance will trickle down from large multinational companies.

“The more regulated and multinational the business is, generally the more aware it is of compliance and regulatory issues. But out of all of those multinationals that I have advised over the years, there isn’t one that has put in place compliance programs because they should do. It is because something has gone wrong to make them do it,” said Bond.

However, Bond believes large multinational businesses will refuse to do business with smaller firms if they are not implementing GDPR, causing it to flow through industries.
