A survey of members of the Institute of Directors has revealed a worrying lack of awareness about the impending new data protection rules, GDPR.
With only months to go until the new General Data Protection Regulation (GDPR) becomes law, the Institute of Directors (IoD) has polled 900 of its members and found that one in three hasn't even heard of GDPR. In addition, four in ten business directors say they don't know if their company will be affected by the new regulations.
The IoD says the findings show there are still a "worrying number of companies across the country that are not aware of the costs, complexities and responsibilities associated with the new rules".
GDPR will redefine the way companies handle personal data and respond to data breaches; it will include tougher punishments for those who fail to comply.
But the IoD's research shows that there is a "stark contrast" between those that know about GDPR and have taken steps to prepare for its arrival and those that know nothing about it.
Two-thirds of businesses that are aware of GDPR are either "very confident" or "somewhat confident" they fully understand how it will affect the running of their business. When asked whether they would be fully compliant with the regulations by the May 2018 deadline, 86% of businesses said they were either very or somewhat confident of being so.
However, the survey also finds that half of directors have not discussed their own GDPR compliance arrangements with partners or vendors with whom they share data.
Jamie Kerr, IoD head of external affairs, said: "It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months. Company directors are being pulled in so many different directions it is unsurprising that many do not fully understand the details of GDPR.
"The regulator has a significant role to play in ensuring that SMEs, as well as larger firms, are fully compliant by May 2018. We urge the regulator to step up its engagement with businesses to ensure that they are spreading the message far and wide. In particular, however, it needs to emphasise in simple terms the criteria for compliance, what steps companies will have to take to comply and what the penalties are for not meeting the new standards."