Construction sector woefully underprepared for GDPR
The UK construction sector is unprepared for the introduction of General Data Protection Regulation, a new report into the sector has revealed.
Although GDPR is set to be introduced in less than a year, the GDPR – Clock is Ticking report from Collyer Bristow found that both construction and real estate lags behind other major sectors.
While 27% of all business sectors reported no awareness of GDPR, that figure rose to 35% of construction and real estate businesses.
A similar percentage of construction firms have taken no action to prepare for GDPR either, which compares to 20% across all UK firms.
A further issue for the sector relates to its contingency plans for data breaches, as only 28% of construction firms have measures in place – again this is above the national average, which stands at 23%.
Of the businesses questioned as part of the study, 18% said that they would be put at risk of insolvency were they to face the maximum fine applicable under GDRP regulations.
That would be either €20 million or 4% of global turnover, whichever is higher – a considerable sum for many businesses that are operating on increasing tight margins and with various cash flow issues to overcome.
The new data protection compliance regulation comes into force in late May 2018 and applies to all businesses that collect personal data – regardless of the decision to leave the EU, all firms will still need to comply.
The lack of preparedness should be concerning, the report claims, especially as 57% of senior management staff were found to have little or even no direct involvement in dealing with GDPR.
Around a third of businesses also said that there were no plans to carry out data risk assessments before the turn of the year, despite only have a few months in 2018 to meet the regulations.
By Phil Smith