Fewer than half of businesses ready for GDPR, warns UK gov

A folder labelled "GDPR Compliance" on a desk
(Image credit: Shutterstock)

The UK government has urged British businesses and charities to be prepared for the new data protection laws set to be introduced as part of the EU's General Data Protection Regulation (GDPR).

Due to be implemented in UK law via the Data Protection Bill in May 2018, GDPR is part of the government's plans to help the UK prepare for a successful Brexit. For starters, it will give the Information Commissioner's Office (ICO) more power to defend consumer interests and issue higher fines, of up to 17 million or 4% of a company's global turnover, for the most serious data breaches.

However, according to new research, the government said fewer than half of all businesses and charities are aware of the laws, even with only four months to go before they are implemented. And if businesses aren't ready, they could be hit by major fines.

UK secretary of state for digital, culture, media and sport, Matt Hancock, said organisations must keep up to speed with the new regulations. Speaking from the World Economic Forum in Davos, he warned: "We are strengthening the UK's data protection laws to make them fit for the digital age by giving people more control over their own data."

He added: "As these figures show, many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.

"There is a wealth of free help and guidance available from the Information Commissioner's Office and the National Cyber Security Centre, and I encourage all those affected to take it up."

While businesses in the finance and insurance sectors are said to have the highest awareness of the changes to be brought in through the EU's GDPR, organisations in the construction industries are said to have the lowest awareness, with only one in four aware of the incoming regulation.

The research also suggests that awareness is higher among businesses that report their senior managers consider cyber security is a fairly high or a very high priority, with two in five aware of the GDPR.

Nevertheless, the UK government said there's still time for organisations to prepare, adding that those already complying with the existing Data Protection Act are well on the way to being ready in time for GDPR.

"There will be no regulatory grace' period, but the ICO is a fair and proportionate regulator," the UK gov website states. "Those who self-report, who engage with the ICO to resolve issues and demonstrate effective accountability, can expect this to be taken into account when the ICO considers taking action."