The ICO says businesses should stop focusing on the consequences of non-compliance and instead be motivated by the advantages of getting GDPR right.
The UK’s information commissioner Elizabeth Denham has urged businesses to be incentivized by the benefits of GDPR data security compliance.
In a video addressing boardrooms across the country, Denham stated that businesses should not waste any time in preparing for “the biggest change to data protection law for a generation”.
As a result, she urged companies to act swiftly in ensuring they are compliant with the upcoming GDPR regulations, which are due to come into force on May 25th, 2018.
She said that enterprises should not be motivated by fears surrounding the consequences of non-compliance.
Instead, they should look at the advantages of having a strong data protection system.
“If your organization can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance,” Denham added.
“But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”
Her comments may well fall on a few surprised ears over the coming weeks, with research from IDC earlier this month indicating that just one-quarter of companies claim to be aware of GDPR.
This comes despite new rules regarding consent, as well as broadened European privacy rights, fines for non-compliance that could go into millions of euros, as well as tightened procedures and public disclosure in cases of a data breach.
Additionally, 52% of companies said they were unsure of how GDPR would impact their organization.
The ICO is subsequently doing its best to raise awareness for UK companies, with an updated data protection toolkit for SMEs set to go live on its website, as well as an Information Rights Strategic Plan, which aims to increase public trust.
There will also be a relaunch of the ICO’s 12 steps to take to prepare for GDPR.