BUSINESSES could fall foul of changes to data protection laws about to be introduced unless they start to alter to their policies now.

A survey by law firm Blake Morgan has revealed nine out of ten businesses have still not made crucial changes to their privacy policies – a key requirement of the law changes.

As time runs out to comply with the General Data Protection Regulation (GDPR), the survey found many organisations may be at risk of non-compliance, risking regulatory action and reputational and brand damage for not getting their house in order.

The GDPR represents the biggest shift in data protection for many years and all organisations which retain or process personal information will need to comply.

The new law focuses on greater transparency as to how personal data is collected, retained and processed, makes organisations more accountable and giving enhanced rights to those whose personal data is being collected and processed.

It is backed up with a significantly higher fines regime for the most serious breaches of up to £17m or four per cent of worldwide turnover – whichever is greater – and a requirement to notify personal data breaches within 72 hours where they are likely to result in a risk to people’s rights and freedoms.

Blake Morgan’s research revealed just over 10 per cent of those surveyed had updated their privacy policies to comply with the new law, while only a quarter had put in place systems to ensure data security breaches were notified in line with GDPR.

The findings showed almost 40 per cent of organisations surveyed had not taken steps to prepare for the new regulations, while more than a third were not confident they would be able to comply with GDPR by May 25 next year when the law comes into force.

Just over a fifth of businesses surveyed were not aware of GDPR and the forthcoming and related ePrivacy Regulation and what these will mean for their organisation.

Simon Stokes, a partner specialising in data protection law at Blake Morgan, said: “There appears to be a genuine confusion among many business leaders about what the new law means and how to achieve compliance.

“With the clock counting down to the law coming into force, we would recommend a focused effort by businesses to get to grips with the changes and implement a strategic plan of action.

Blake Morgan has launched a free guide, ‘GDPR: A Practical Guide to Achieving Compliance’, which gives detailed analysis and helpful advice. To download it, visit www.blakemorgan.co.uk/GDPR