Most UK businesses are still not GDPR compliant

Despite the having taken effect more than a year ago, a 'good enough' approach is taking over

Graphic of individuals being glared at by cameras and having their privacy invaded

More than half of UK businesses are still not GDPR compliant over a year since the legislation came into force, according to a report from Egress.

Although nearly all businesses that responded to the survey (96%) said they had invested in GDPR compliance over the past 12 months, the majority are still leaving themselves open to debilitating fines.

Of the 52% that said they were non-compliant, 42% of them said they were "mostly compliant" with the data protection laws that came into effect in May 2018 under the Data Protection Act 2018.

"The fact they are not yet over the line demonstrates a loss of focus on achieving the necessary standard," read the report. "This is supported by the fact that more than one-third (35%) said GDPR compliance has become less of a priority in the past 12 months.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Even the ICO's announcement of its intention to issue multimillion-pound fines to BA and Marriott Hotels has not reignited urgency; only 6% of respondents said it had shocked their business back into awareness."

The understanding that GDPR has been the catalyst in the "unprecedented" fourfold increase in data breach reports since its implementation was echoed in the report which revealed 37% of GDPR decision-makers were obliged to report a breach to the ICO in the past 12 months.

The fines that can be dished out as a result of a breach may scare some, but that isn't reflected in the survey of UK GDPR decision-makers. A large majority of respondents (70%) were positive about GDPR, proactively protecting the data it holds. Although a portion of these may not be proactively protecting data to a lawful extent, 62% said their organisation had made GDPR a priority of the past year.

"Since the rush to meet last May's deadline, we now appear to be seeing an 'almost compliant is close enough' attitude towards GDPR, with a significant percentage of decision-makers indicating that focus has waned in the past 12 months," said Tony Pepper, CEO at Egress.

Going forward, investment in GDPR is shifting towards new processes around the handling of sensitive data 28% said this was the biggest area of investment since they started implementing GDPR-ready protection.

"It's positive to see that almost one-fifth (17%) of respondents are looking to technology as a way to mitigate breaches, but they must ensure these solutions tackle human error as the root causes of many of these incidents," said Pepper.

Advertisement - Article continues below

"They must look to the latest advances in security and DLP technology that can map a user's behaviour to prevent the array of mistakes that put data at risk from falling for phishing attacks that can lead to malware infections or stolen credentials, to misdirecting emails or attaching the wrong documents.

"GDPR is here to stay, and we're only going to see more companies penalised for data breaches unless we're able to overcome these issues."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/network-internet/broadband/354530/openreach-offers-free-full-fibre-installation-for-thousands-of
broadband

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020