According to new research carried out by the Department for Digital, Culture, Media & Sport, fewer than half of all UK businesses and charities are aware of the changes to UK data protection law under the EU’s General Data Protection Regulation (GDPR), which will come into force on 25 May 2018.
The Government’s findings show that organisations operating in the finance and insurance sectors are most aware of the incoming GDPR and the new obligations which will be imposed on them, whilst the lowest awareness can be found within the construction and the production and manufacturing industries. In addition, it is reported that as few as a quarter of organisations have made changes to their operations in anticipation of the changes to the UK’s data protection laws.
In light of the research, the Secretary of State for Digital, Culture, Media & Sport has urged organisations “to act to make sure the personal data they hold is secure”. Organisations which hold and process personal data are strongly encouraged to make use of the free guidance available from the Information Commissioner’s Office (ICO) and the National Cyber Security Centre to ensure they are prepared for the new data protection laws. Businesses that fail to comply with the new rules coming into force could face fines of up to €20m or 4% of their annual turnover.
In particular, smaller businesses that were not previously caught by EU data protection law and have not yet taken any steps towards preparing for May 2018 should consider making use of the ICO’s free advice line for small organisations and its Guide to the GDPR.