- 8th February 2018
- Posted by: Suzy Hill
- Category: GDPR
Half of businesses ‘unprepared for GDPR’, survey suggests
The government is urging companies to check they meet the requirements of the new data protection laws which come into effect in May, after research found that fewer than half of all businesses and charities are aware of the new regulations, with just months to go.
The EU’s general data protection regulation (GDPR), which is to be implemented in UK law via the data protection bill, is effective from 25 May 2018. Penalties for non-compliance are up to €20m (£17.4m) or 4% of global annual turnover, whichever is higher.
A survey for the department for digital, culture, media and sport (DDCMS), which polled 1,500 businesses and 500 charities, found fewer than half are aware of the new data laws, with awareness in construction and manufacturing sectors particularly low.
The survey showed more than a quarter of businesses and charities who had heard of the regulation made changes to their operations ahead of the new laws coming into force.
Among those making changes, just under half of businesses, and just over one third of charities, made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.
Matt Hancock, DDCMS secretary of state, said: ‘We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data.
‘And as these figures show, many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our data protection bill.’
Under GDPR, individuals will have greater control over how their data is used and organisations will have to be transparent and account for their actions. This includes documenting the data the organisation holds; planning how to handle subject access requests; reviewing how consent to process data is gained; having procedures in place to detect, report and investigate data breaches; assigning a data protection officer; and responding to requests to have data removed.
The Information Commissioner’s Office guide to the General Data Protection Regulation (GDPR) is here.