On 25 May the one-year countdown clock started ticking to the biggest shake-up of Europe’s data protection laws in a generation: the General Data Protection Regulation (GDPR). Yet despite the best efforts of UK privacy watchdog the Information Commissioner’s Office (ICO), the European Commission and other key stakeholders, it appears as if many organizations are still dragging their heels over compliance. A new Freedom of Information (FOI) request has revealed that a staggering 82% of local councils in the UK have yet to allocate budget to the task.
To avoid punitive fines and negative publicity, organizations need to start planning now, and make cybersecurity central to their strategy.
The FOI findings back up similar research revealed by the ICO in March. It found that a quarter of UK councils still hadn’t hired a Data Protection Officer (DPO), one of the key requirements of the GDPR, where non-compliance could result in a fine of 2% of global annual turnover or €10m (£8.9m). It also found that a third (34%) of councils haven’t conducted privacy impact assessments (PIAs) – another key stipulation – and 18% aren’t training employees in data protection best practices.