The UK real estate and construction industry is not ready for the General Data Protection Regulation (GDPR) despite its introduction being less than one year away, says a report from property law firm Collyer Bristow.
Collyer Bristow’s report, GDPR – The Clock is Ticking, found that understanding of and preparedness for the GDPR in the real estate and construction sector lags significantly behind other industry sectors.
Headline findings from GDPR – The Clock is Ticking:
- 35% of real estate and construction businesses have no awareness at all of the GDPR. This compares to 27% across all business sectors, and just 14% in the financial services sector, a sector that is most prepared;
- Again, just 35% of real estate and construction businesses have yet to take any steps to prepare for the GDPR. This compares to 20% across all businesses and 15% in the financial services sector;
- 28% of real estate businesses and construction do not have any data breach contingency plan in, compared against 23% of businesses across other sectors;
- 18% of all businesses surveyed believe that if they had to pay the maximum fine under the new GDPR regulations – the higher of €20 million or 4% of worldwide turnover – it would put them at risk of insolvency.
Patrick Wheeler, Partner and Head of Intellectual Property and Data Protection at Collyer Bristow, said, “The GDPR makes a significant tightening of data protection compliance regulation and comes into force on 25 May 2018. It harmonises data protection rules across the European Union and applies to all organisations collecting personal data. Real estate and construction businesses in the UK will have to comply, irrespective of our decision to leave the EU.
“Our survey shows that a lot of businesses in the UK worryingly still have a long way to go to be GDPR-compliant by May, and the clock is ticking. The real estate and construction sectors are by far and away the least prepared. That has to be concerning.”
The survey also reports that 57% of businesses’ senior management have little or no direct involvement with data protection and that 34% of businesses have no plans to perform a data risk assessment in the remaining months of 2017.
Patrick added, “It cannot be overstated just how far reaching a change the GDPR will be to the data protection landscape in the UK. It impacts all real estate businesses that deal with personal data – no matter how small. The potentially-enormous penalties mean that no business can afford to treat its data protection policies and procedures as a low priority.
“With nearly one in five businesses saying they would be at risk of going insolvent if they had to pay the maximum penalty, data regulation compliance can potentially have wide reaching consequences for the whole firm.
“The new regime comes at a time when data is becoming increasingly important to businesses. Owning and exploiting customer data is now a key part of a business’ competitive strength – meaning the GDPR really is raising the stakes.
“The good news is that businesses still have time to get their data protection in order. A business that starts working on this today can be a fully compliant business by next May, or at the very least, well on the way towards compliance.”