More than a quarter of UK businesses in the retail sector have cancelled all preparation for the EU General Data Protection Regulation on the misunderstanding that it will not apply after Brexit.

The regulation, which has been years in the pipeline, is designed to harmonise data protection regulation throughout Europe and provide citizens with more control over their personal data.

It has been ratified by the UK and is due to come into force in May 2018 – almost certainly before Britain completes its exit from Europe.

However a survey of IT decision makers in the retail sector by information management experts Crown Records Management has revealed that:

  • 27 per cent have cancelled all preparations because of Brexit – only banking returned a higher result.
  • A further 3 per cent have not even begun preparation.
  • 47 per cent think the regulation will not apply to UK businesses after Brexit.
  • 6 per cent don’t have plans for staff training on data protection.

John Culkin, Director of Information Management at Crown Records Management, believes the results are alarming.

He said: “For so many businesses in the retail sector to be cancelling preparations is a big concern because this regulation is going to affect them all in one way or another.

“Firstly, it is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens.