British construction and building firms are unaware of the new wide-ranging data protection rules which come into force in less than a year’s time, despite 25% admitting the maximum fine for non-compliance would force them out of business.
According to a YouGov survey of 190 construction firms, which was commissioned by national law firm Irwin Mitchell, only 30% admit to being aware of the new General Data Protection Regulations (GDPR) which begin on 25 May 2018.
GDPR represents the biggest change to how businesses process personal information in 25 years, replacing existing data protection laws.
Under the new rules, the maximum fine for certain data breaches in the UK will rise from £500,000 to €20m, or 4% of global turnover, whichever is larger.
77% of respondents were unaware of the new fines and 25% admitted they would go out of business if they received the maximum punishment.
Joanne Bone, partner and data protection expert at Irwin Mitchell, said: “These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that a large number of construction companies will not be compliant in time.”
The notification of certain data breaches where there is an impact on privacy must be given to the Regulator within 72 hours under the new regime. However, Irwin Mitchell’s survey found that only 18% of construction companies are certain that they would be able to detect a data breach within their organisation. And only 27% said they were confident they could notify the relevant stakeholders within the required timescale of three days.
Irwin Mitchell believes the low level of awareness of GDPR is caused by a number of misconceptions that exist about the new rules with 40% of respondents claiming that GDPR is not an issue for their sector. Yet GDPR is wide-ranging and comprises employee data, customer data, and supplier data, all of which construction firms process and retain.
Bone added: “It is hard to think of a business today that does not use personal data – if the data relates to an individual you will be caught by the new data protection laws.”
Gordon Anderson, head of construction London at Irwin Mitchell, added: “Good data governance can build customer trust and the right permissions may also help construction businesses take advantage of the Big Data revolution, enabling them to commercialise their data to their advantage. But ignoring the new rules can lead to hefty fines, at the very least.”