The regulation, which has been years in the pipeline, is designed to harmonise data protection regulation across Europe and provide citizens with more control over their personal data. 

It has been ratified by the UK and is due to come into force in May 2018 – almost certainly before Britain completes its exit from Europe, despite the recent triggering of Article 50. 

However a survey of IT decision makers by information management experts Crown Records Management has revealed some shocking results. 

It showed that:

·          A quarter of firms have cancelled all preparation for the regulation.

·          A further 4 per cent have not even begun preparation.

·          44 per cent think the regulation will not apply to UK business after Brexit.

Results in the pharmaceutical industry, however, were very different. The results in this sector showed:

·          Only four per cent had cancelled preparations for the EU General Data Protection Regulation (EU GDPR) because of Brexit. Only insurance and legal returned a better result.

·          Only 31 per cent thought the regulation wouldn’t apply after Brexit – the figure in banking was 55 per cent.

·          65 per cent had already appointed a data protection officer, one of the requirements of the EU GDPR. 

John Culkin, Director of Information Management at Crown Records Management, believes the results are alarming.

He said: “These results are encouraging for the pharmaceutical industry because so many other sectors have failed to understand the impact of the EU GDPR and why it will continue to have big implications despite the country’s intention to leave Europe.

“Firstly, it is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens. 

“The pharmaceutical sector doesn’t have a totally clean slate because more than a quarter of respondents still believed that EU GDPR will not apply after Brexit, which is a concern. But it was encouraging to see the extent of preparation which is already in place, particularly when you consider the huge fines which are being introduced for data breaches in future.” 

UK officials and politicians were heavily involved in the drawing up of the new regulation and Culkin believes the general principles behind it are set in stone.

“The reality is we are likely to continue to see stringent data protection in an independent UK rather than a watered down version,” he said.

“Our survey revealed that at least half of companies across the board saw Brexit as an opportunity for Britain to position itself as the safest place to do business through even more robust legislation.

“In fact, this premise was also supported in the pharmaceutical sector with 57 per cent calling for more robust data protection in an independent UK – the highest result across all sectors.

“This means the best course is to prepare now and have a watertight information management system in place as soon as possible. This issue is not going away.”

The EU GDPR will bring in massive fines for data breaches - as high as 20million Euros or up to 4 per cent of global turnover - as well as new rules to ensure privacy is designed in to data policies, plus new rights for citizens to ask for their personal data to be edited or deleted.