Nine in ten businesses and charities have not even begun to prepare for GDPR, UK Government research finds

Written by Sam Trendall on 24 January 2018 in News

DCMS study finds majority of organisations in private and third sectors have never even heard of soon-to-be-implemented legislation

Time is running out to get ready for GDPR - Image credit: Santiago Silver

The majority of charities and businesses have never heard of the EU General Data Protection Regulation (GDPR), and far fewer still have done any work to prepare for the incoming legislation, UK Government research has found.

Figures published by the Department of Digital, Culture, Media and Sport (DCMS) reveal that just 38 per cent of companies and 44 per cent of charities in the UK are currently aware of GDPR, which introduces much more stringent rules around use of personal data – along with heftier fines for breaches.

Of those that have heard of the legislation, 27 per cent of businesses and 26 per cent of charities have made any changes to their operations in response to the new regulation.

This means that about nine in ten organisations are yet to do any preparation for GDPR, just four months ahead of its implementation date of 25 May.

The study, carried out on behalf of DCMS by research firm Ipsos MORI and the Institute for Criminal Justice Studies at the University of Portsmouth, showed that awareness levels increase markedly in line with the size of an organisation.

Among ‘micro’ organisations with between two and nine staff, 31 per cent of businesses and 37 per cent of charities were aware of GDPR.

These percentages rose to 49 per cent and 47 per cent, respectively, for entities with 10-49 employees.

Some 66 per cent of companies with between 50 and 249 workers had heard of GDPR, while the figure for charities of this size was 53 per cent.

In organisations with 250-plus people, awareness was much more common, with 80 per cent of firms and 75 per cent of charities having heard of GDPR.

Within the minority of organisations who have made any operational changes ahead of GDPR, 36 per cent of respondents in both the charity and business sectors have changed or added to their cybersecurity policies or practices.

A total of 21 per cent of companies and 10 per cent of charities who have done some preparatory work have delivered extra communications or training to employees.

This research – which will feed into the DCMS’s Cyber Security Breaches Survey report, due to be published in April – was conducted between October and December of last year.

A total of 1,519 business and 569 charities took part.



Related Articles

UK resurrects plans for technological solution to Irish border post-Brexit
21 November 2018

Cabinet yesterday discussed whether so-called "maximum facilitation" – or Max Fac – could be used to avoid having to erect customs posts

New cyber security regulators to be given power to fine critical services providers up to £17m
30 January 2018

Organisations supplying water, energy, health or transport services must implement effective measures against cyber attacks

Scottish Government public sector cyber resilience action plan aims to address lack of guidance on cyber security
8 November 2017

The Scottish Government has published an action plan for public sector cyber resilience in the wake of high profile attacks

Securing the digital world: cyber security and GDPR
22 June 2017

A series of cyber attacks has grabbed the headlines – what is being done to protect our data and our safety?

Related Sponsored Articles

Balancing security and digital transformation
24 October 2018

With the annual worldwide cost of cybercrime set to double from $3tn in 2015 to $6tn by 2021, BT offers advice on how chief information security officers can better...

Associate feature: 5 ways IoT is transforming the public sector
5 February 2018

Vodafone explores some of the ways IoT is significantly improving public sector service delivery

Associate feature: Who keeps your organisation secure?
19 February 2018

BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.

Share this page