Most UK businesses are still not GDPR compliant

Despite the having taken effect more than a year ago, a 'good enough' approach is taking over

Graphic of individuals being glared at by cameras and having their privacy invaded

More than half of UK businesses are still not GDPR compliant over a year since the legislation came into force, according to a report from Egress.

Although nearly all businesses that responded to the survey (96%) said they had invested in GDPR compliance over the past 12 months, the majority are still leaving themselves open to debilitating fines.

Advertisement - Article continues below

Of the 52% that said they were non-compliant, 42% of them said they were "mostly compliant" with the data protection laws that came into effect in May 2018 under the Data Protection Act 2018.

"The fact they are not yet over the line demonstrates a loss of focus on achieving the necessary standard," read the report. "This is supported by the fact that more than one-third (35%) said GDPR compliance has become less of a priority in the past 12 months.

"Even the ICO's announcement of its intention to issue multimillion-pound fines to BA and Marriott Hotels has not reignited urgency; only 6% of respondents said it had shocked their business back into awareness."

The understanding that GDPR has been the catalyst in the "unprecedented" fourfold increase in data breach reports since its implementation was echoed in the report which revealed 37% of GDPR decision-makers were obliged to report a breach to the ICO in the past 12 months.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The fines that can be dished out as a result of a breach may scare some, but that isn't reflected in the survey of UK GDPR decision-makers. A large majority of respondents (70%) were positive about GDPR, proactively protecting the data it holds. Although a portion of these may not be proactively protecting data to a lawful extent, 62% said their organisation had made GDPR a priority of the past year.

"Since the rush to meet last May's deadline, we now appear to be seeing an 'almost compliant is close enough' attitude towards GDPR, with a significant percentage of decision-makers indicating that focus has waned in the past 12 months," said Tony Pepper, CEO at Egress.

Going forward, investment in GDPR is shifting towards new processes around the handling of sensitive data 28% said this was the biggest area of investment since they started implementing GDPR-ready protection.

"It's positive to see that almost one-fifth (17%) of respondents are looking to technology as a way to mitigate breaches, but they must ensure these solutions tackle human error as the root causes of many of these incidents," said Pepper.

Advertisement - Article continues below

"They must look to the latest advances in security and DLP technology that can map a user's behaviour to prevent the array of mistakes that put data at risk from falling for phishing attacks that can lead to malware infections or stolen credentials, to misdirecting emails or attaching the wrong documents.

"GDPR is here to stay, and we're only going to see more companies penalised for data breaches unless we're able to overcome these issues."

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020