A majority of boroughs in London and in the rest of the UK have not allocated budget for implementing GDPR provisions nor have they appointed Data Protection Officers which is mandated under the regulation.
Three in four London councils are yet to allocated budget towards making provisions to ensure compliance with GDPR by May next year.
With the GDPR less than a year away from being implemented, it is expected that banks, businesses and most importantly, city councils in the country have started preparing for the new regulation by allocating budgets and appointing relevant personnel.
Last month, a number of banks expressed fear that they will not be able to overcome technical challenges to comply with the GDPR by the time the regulation is implemented. Such technical challenges may include replacing legacy systems and changing the way they handle customer data.
“At some banks, a customer’s data may be held on more than 100 systems, and each of these takes a long time to change, even for a simple change. Sometimes even the simplest changes take months and months. Multiply that by a hundred and it becomes a very complicated task,” said Chris McMillan, a partner at consultancy firm Oliver Wyman to FT.
Similarly, a large number of boroughs in London and in the rest of the UK are completely unprepared for GDPR. As many as 76 per cent of 32 London boroughs and 89 percent of 44 other local authorities have not allocated budget to comply with the GDPR. More than half of all local authorities have not appointed Data Protection Officers which is also mandated by the regulation.
Considering that GDPR is less than ten months away from implementation, failure of local authorities across the UK to comply with its provisions could result in serious financial implications, says Julian Cook, Vice President of UK Business at M-Files.
Adding that local authorities do not have very much time at all to prepare for GDPR, Cook adds that while they are struggling to ‘manage a series of diverse responsibilities,’ the rules of GDPR are non-negotiable and they will have no choice but to comply.
“This isn’t just the responsibility of IT experts – it’s about making sure that local authorities have the funds and resources to prioritise this, and that decision-makers outside of the IT department are aware of what needs to be done,” he added.
A YouGov survey of over 2,000 UK businesses in May also revealed some alarming facts about their readiness for the upcoming data protection law. While 71% of them were unaware of the fines under GDPR, 29% of all businesses had started preparing for GDPR, which led experts to fear that a majority of them will not be ready when the new rules come into effect.
“These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that the majority of organisations will not be compliant in time,” said Joanne Bone, partner and data protection expert at Irwin Mitchell.
The readiness of boroughs in London and in the rest of the country for GDPR compliance was revealed by intelligent information management company M-Files who recently filed a freedom of information request with 32 London boroughs and 44 other local authorities.