General data protection regulation (GDPR) comes into effect on May 25 and is a hot topic for businesses and other organisations. In the first Big Question, Reed Accountancy & Finance surveyed clients to understand the current state of preparedness, and how people were tackling the changes, from investing in technology to people.
The responses, numbering more than 900 in all, were reassuring, though suggested that there was more work to be done. Asked about their state of readiness for GDPR by May 25, nearly one in five, 19%, said their organisations were fully prepared, on top of which nearly 58% said they were partly prepared but should be ready in time.
This left nearly a quarter where the situation was rather less satisfactory. Of the remaining 23%, nearly 10% said they were partly prepared but did not expect to be ready in time, 6% had yet to make any preparations and 7% did not know. While that paints a somewhat worrying and uncertain picture for what lies ahead, it is significantly better than the average:
A recent government survey showed that fewer than half of all businesses were even aware of GDPR, let alone taking action to implement the necessary changes.
David Smith / Economics Editor of The Sunday Times
How businesses are responding
In a second question, respondents were asked what actions they had taken. Most (63%) had trained and communicated with staff and changed procedures (53%). Around a third (32%) had updated anti-virus and anti-malware software. While just over 11% had hired new staff specifically as a result of GDPR.
For advice on hiring GDPR professionals, contact your local finance recruitment expert.
Sentiment so far
Though the results were encouraging, many of those taking part in the survey had concerns about GDPR, some of them serious. One finance manager, talked of “information overload” for small businesses, while Ian Larkham, a head of finance and resources, was concerned about what seemed to be “a moving target”, with “nothing yet finalised”.
Others, such as Tim Edwards, a finance director, noted “a lot of scaremongery” around GDPR, which some people were using to make a quick buck by offering overpriced training courses. Richard Carr, a finance manager, found it “excessive, laborious and time-wasting”, given that what the business already had in place was “more than adequate”.
Some, however, welcomed the spur that GDPR has provided. “We have hired a new head of business and created a systems working party,” said Fiona Wood, a finance director. “The software is already in place for virus protection and we are producing register of al personal data we hold and are carrying out a process of data cleansing. These are good proposals which businesses should be doing anyway. This is not Y2K all over again; essentially the message is don’t hold data unnecessarily and hold it in one place so it can be controlled effectively.”
Jayne Daniel, a finance manager, was also positive, describing GDPR as “a great move for business and the general public”, in particular protecting the older generation from cold calls. Jon Evans, a finance director, praised the REED GDPR event in the West Midlands, which he said had provided clarity on what needed to be done.
There is still work to be done, with some respondents predicting confidently that many businesses will not get there. Mostly, however, firms are doing their best to be ready and part of that is not pretending that this is somebody else’s problem. “The number one issue is people expecting someone else to take charge of the project,” said Matt Skinner, a project manager. “It is not simply a series of checklists. Companies need to change the environment in which they store data.”
As May 25 draws closer, time will soon tell how it impacts operations and roles across finance teams. Get in touch to let us know how your business is tackling the changes and to seek advice on how the right talent can help.