GDPR: Some companies have only started their compliance preparations this week, claims Bristows lawyer Robert Bond
And all those 'GDPR compliance' emails are pointless and unnecessary, too
Organisations are still calling in lawyers to start their preparations for the European Union General Data Protection Regulation (GDPR) this week - just hours before the rigorous new data protection laws formally come into force.
That's according to Robert Bond, partner at major London law practice Bristows, and one of the UK's leading data protection lawyers.
"It's been absolutely mental," Bond told Computing earlier this week. "We've still been taking instructions this week on companies that have done nothing."
Furthermore, added Bond, the blizzard of GDPR compliance emails that people have been subjected to in the past week or two is simply not necessary.
"The emails that have been coming out saying 'unless you give us your consent we'll never be able to contact you again' are generally incorrect and not necessary.
"So there will have been a lot of businesses that will have decimated their customer databases unnecessarily. I'm not sure who started it, but everyone seems to be doing it. Yet it's not a strict requirement of GDPR," Bond told Computing.
Bond also appeared today in the Computing web seminar, "GDPR is here, but are you ready yet?". He warned that one of the biggest costs to organisations arising from GDPR could be subject-access requests, which under GDPR are free to consumers and must be fulfilled within 30 days.
This, he warned, could be used by activists to harass organisations. With legal advice related to complex subject-access requests typically costing between £10,000 and £25,000, according to Bond, this could prove costly if the subject-access requests mount up.
The web seminar featured research from 100 UK CIOs and IT leaders into their preparedness for GDPR, sponsored by Trend Micro and conducted at the beginning of May. The results indicated that more than half of organisations would not be ready in time - with more than 15 per cent likely to take at least a year.
Likewise, just 15 per cent of respondents expressed confidence in their organisation's ability to handle subject-access requests. And, while two-thirds believe they will get many more such requests under GDPR, 35 per cent have no idea how much they will cost.
One viewer warned that if just one per cent of their customers made subject-access requests it would consume 100 per cent of staff time.
The Computing web seminar, 'GDPR is here, are you ready yet?', will be available to view on-demand shortly.