Fewer than half of businesses ready for GDPR, warns UK gov

Organisations urged to prepare for the new data protection laws with only 4 months to go

The UK government has urged British businesses and charities to be prepared for the new data protection laws set to be introduced as part of the EU's General Data Protection Regulation (GDPR).

Due to be implemented in UK law via the Data Protection Bill in May 2018, GDPR is part of the government's plans to help the UK prepare for a successful Brexit. For starters, it will give the Information Commissioner's Office (ICO) more power to defend consumer interests and issue higher fines, of up to 17 million or 4% of a company's global turnover, for the most serious data breaches.

However, according to new research, the government said fewer than half of all businesses and charities are aware of the laws, even with only four months to go before they are implemented. And if businesses aren't ready, they could be hit by major fines.

UK secretary of state for digital, culture, media and sport, Matt Hancock, said organisations must keep up to speed with the new regulations. Speaking from the World Economic Forum in Davos, he warned: "We are strengthening the UK's data protection laws to make them fit for the digital age by giving people more control over their own data."

Advertisement - Article continues below

He added: "As these figures show, many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.

"There is a wealth of free help and guidance available from the Information Commissioner's Office and the National Cyber Security Centre, and I encourage all those affected to take it up."

While businesses in the finance and insurance sectors are said to have the highest awareness of the changes to be brought in through the EU's GDPR, organisations in the construction industries are said to have the lowest awareness, with only one in four aware of the incoming regulation.

The research also suggests that awareness is higher among businesses that report their senior managers consider cyber security is a fairly high or a very high priority, with two in five aware of the GDPR.

Nevertheless, the UK government said there's still time for organisations to prepare, adding that those already complying with the existing Data Protection Act are well on the way to being ready in time for GDPR.

"There will be no regulatory grace' period, but the ICO is a fair and proportionate regulator," the UK gov website states. "Those who self-report, who engage with the ICO to resolve issues and demonstrate effective accountability, can expect this to be taken into account when the ICO considers taking action."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now


Policy & legislation

Businesses urged to continue IR35 preparations despite Conservative review pledge

3 Dec 2019

How can you protect your business from crypto-ransomware?

4 Nov 2019
wifi & hotspots

How to boost your business Wi-Fi

22 Oct 2019
Business strategy

CIO job description: What does a CIO do?

1 Oct 2019

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019