GDPR awareness warning triggers Government action
The UK Government is ratcheting up its campaign to get companies to wake up to GDPR on the back of a new study it has carried out which shows fewer than half of all businesses and charities are aware of new data protection laws, with just four months to go before they come into force.
With studies detailing the UK's preparation - or lack of it - for GDPR appearing almost daily, according to the Government-backed research, businesses in the finance and insurance sectors have the highest awareness of the new regulation, which is to be implemented in UK law through the UK Data Protection Bill in May 2018, as part of plans to help the UK prepare for a successful Brexit.
Businesses in the construction industry have the lowest awareness, with only one in four aware of the incoming regulation. Awareness is higher among businesses that report their senior managers consider cyber security is a fairly high or a very high priority, with two in five aware of the GDPR.
The survey finds more than a quarter of businesses and charities who had heard of the regulation made changes to their operations ahead of the new laws coming into force.
Among those making changes, just under half of businesses, and just over one third of charities, made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.
Speaking from the World Economic Forum in Davos, Switzerland, Secretary of State for Digital, Culture, Media & Sport Matt Hancock said: "We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data.
"And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.
"There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up."
While Information Commissioner Elizabeth Denham has been keen to stress it is not all about fines, it appears that the Government is not so tolerant, pointing out that, in line with GDPR, firms which are found guilty of serious breaches of the new rules will face penalties of up to £17m or 4% of global revenues.
The Government says that the ICO's dedicated advice line for small organisations has received more than 8,000 calls since it opened in November last year, and the Guide to the GDPR has had over 1 million views. The regulator also has a GDPR checklist, and 12 steps to take now to prepare for GDPR.
Commissioner Denham added: "Businesses, public bodies and charities need to take steps now to ensure they are ready. Organisations that thrive under the new rules will be those that commit to the spirit of data protection and embed it in their policies, processes and people."