Seven in ten firms ‘not prepared for GDPR’

Seven out of ten businesses have not left any money in their budget to account for the additional costs associated with General Data Protection Regulation (GDPR) compliance, according to new data.

Research conducted by GDPR compliant job board and London law firm Hamlins LLP has revealed that hundreds of thousands of businesses in Britain are liable to receive large fines after 73 per cent failed to allocate the budget required to facilitate compliance with the new data protection legislation, which will be introduced in May 2018.

It’s vital that car dealerships and other businesses, both in and out of the motor industry, are prepared for changes to legislation in the future, such as GDPR and any other policy changes that may come as a result of Brexit. One way in which car dealers can prepare is by ensuring their motor trade insurance policy is up to date to cover any new areas in which business owners have become liable e.g. data protection.

According to the study, 53 per cent of businesses have failed to prepare for the introduction of the GDPR legislation, which requires the appointment of a Data Protection Officer (DPO), while more than a third revealed they are not planning to make any changes ahead of GDPR introduction or do not understand what they need to do.

Around 15 per cent of respondents stated that they believe Brexit will prevent the UK from having to comply, while 12 per cent argued that they do not have the funds in place to fully comply to GDPR’s requirements. A further 10 per cent added that they did not want to get involved in “red-tape”, while 11 per cent said they did not feel there was a business risk.

However, Simon Wright, operations director at, pointed out that all businesses, including all car dealers and business owners within the motor trade industry, are required to comply with the new rules. In fact, dealerships could face fines of up to four per cent of their annual turnover if they fail to comply to the new regulations.

Mr Wright said: “Whilst some businesses will be exempt from appointing a Data Protection Officer, there are hundreds of thousands of businesses currently exposed because they do not have the right calibre of staff to deal with data protection law and practices and ensure they can honour all the obligations under the GDPR.”