CSRD and the UK

What do UK organisations need to know about the EU’s Corporate Sustainability Reporting Directive?

The EU’s Corporate Sustainability Reporting Directive (CSRD) is new legislation that recently came into force, with the first reporting requirements coming next year. The directive will require all large and listed companies to publish regular reports on the social and environmental risks they face, and on how their activities impact people and the environment. It’s an important part of delivering on the European Green Deal – an ambitious effort whose ultimate goal is a carbon-neutral Europe.

Part of that effort involves putting sustainability reporting “on the map” so it becomes an issue of significance for companies. CSRD defines – for the first time – a common reporting framework for non-financial data, encompassing not just climate change but broader Environmental, Social and Governance (ESG) metrics. 

Many EU member states have missed the deadline to transpose the directive into national law. This could present serious challenges for companies that need to comply starting next year.

Nevertheless, CSRD will dramatically increase the number of businesses that are subject to mandatory ESG disclosures, from 15,000 to over 50,000. Those impacted by this new directive also include non-EU companies, or third-country companies, that have substantial activity in the EU. Obviously, this includes UK organisations.

But how exactly will they be impacted? This is where we come in. Our guide will explain what this directive is, what you need to know, what it means for your UK company now and, significantly, what you need to do to get ready. Because the one thing that is clear is this: you need to prepare now, as successful reporting will require a holistic approach that involves the entire organisation.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
