Fewer than half of UK businesses and charities are aware of data protection laws four months before they come into force, according to research.
Businesses in the UK finance and insurance sectors have the highest awareness of the changes to be brought in through the EU General Data Protection Regulation (GDPR), which is to be implemented in UK law via the Data Protection Bill in May 2018.
Businesses in the UK construction industry have the lowest awareness, with only one in four aware of the incoming regulation. Awareness is higher among businesses that report their senior managers consider cyber security is a fairly high or a very high priority, with two in five aware of the GDPR.
The survey found more than a quarter of businesses and charities who had heard of the regulation made changes to their operations ahead of the new laws coming into force.
Among those making changes, just under half of businesses, and just over one third of charities, made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.
Secretary of state for digital, culture, media and sport Matt Hancock said: “These figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.”
The Bill will give Information Commissioner’s Office more power to defend consumer interests and issue higher fines, of up to £17m ($23.96m) or 4% of global turnover, for the most serious data breaches.
The data was gathered as part of the DCMS Cyber Security Breaches Survey. This is an annual study examining the scale and impact of cyber incidents on businesses and charities, including how they manage and respond to such incidents. The full 2018 survey will be published in the Spring.
The survey covers 1,500 businesses and 500 charities and underpins the DCMS’s work delivering parts of the Government’s five-year £1.9bn ($2.7bn) National Cyber Security Strategy.
By Joe Pickard