NEW rules over data protection could end up taking businesses by surprise, according to a new survey.

The 28 member states of the European Union agreed to a new General Data Protection Regulation (GDPR) in the summer.

It means all businesses in the EU will fall under a single set of overarching rules that reform data protection and cut red tape.

Almost one in five IT decision-makers (19 per cent) in Brighton and Hove are totally unaware of the changes.

Fewer than half (46 per cent) of those who do know about the regulations are reviewing policies and setting up training in preparation, the survey says.

Companies which break the GDPR risk fines of more than £70 million (up to one hundred million euros) or 2 per cent of their global turnover.

The regulations also bring a raft of new rules about collecting, editing and processing the personal data of European citizens.

They were discussed by the EU Commission, European Parliament and the Council of the EU last month, and are predicted to be ratified in the coming months.

Almost a third of businesses surveyed in the city (31 per cent) said they will wait for the final details of the regulations before taking any action. However, the same percentage have already appointed a data protection officer, which could become compulsory under the new rules.

John Culkin, director of information management at Crown Records Management, which carried out the survey, claimed the results showed businesses were "worryingly uninformed" about the rules.

He said: “The important question is not just whether businesses are worried or not but whether they are being proactive and taking early action to prepare. Training is very important, especially when you consider 80 per cent of data breaches stem from human error.

“Information policies will need to be reviewed, too. Waiting too long to undertake an information audit and make positive changes could be a very dangerous game.”

Gavin Stewart, executive director of the Brighton and Hove Economic Partnership, told The Argus he would keep an eye on developments.

He said: “We will endeavour to pass on information in a timely manner to keep local businesses aware of their obligations.”

Crown surveyed 16 Brighton and Hove companies, each with more than 200 employees.

Under the regulations, businesses will need the specific and freely-given consent of data subjects to collect data in the first place.

Citizens will have the right to view their data and ask for it to be edited.

The "right to erasure", a more limited version of the "right to be forgotten" which has already struck Google, will add further complications as companies will be expected to find and edit large amounts of data quickly – and will need processes in place for data subjects to make those requests.

It may well be 2016 before politicians can agree on a final draft but the underlying principles have already been agreed, with implementation planned for 2017.