British businesses and charities are being urged to prepare their organisations for the new law that will stiffen data protection laws in this country.
The warning came from the Digital and Culture Secretary Matt Hancock, after new research found that fewer than half of businesses and charities are aware of the new data laws that come into force in just four months' time.
The new Data Protection Bill was introduced in the Queen’s speech last June, and whilst that speech focused heavily on Brexit, it also included a number of tech-related issues including driverless cars, data protection, and even space travel.
The new Data Protection Bill was broadly welcomed at the time, but was tweaked last Autumn to include safeguards to ensure freedom of the press, and allow for confidential scientific research.
But while businesses in the finance and insurance sectors have the highest awareness of the changes, a new survey has found that most firms are completely unaware of their new data protection obligations.
Awareness of these obligations is particularly low in the construction and manufacturing sectors, with only one in four aware of the incoming regulation.
Awareness is apparently higher among businesses that say that senior management considers cyber security a fairly high or a very high priority, with two in five aware of the GDPR.
The survey found more than a quarter of businesses and charities who had heard of the regulation made changes to their operations ahead of the new laws coming into force.
Among those making changes, just under half of businesses, and just over one third of charities, made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.
“We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data,” explained Secretary of State for Digital, Culture, Media and Sport Matt Hancock at Davos.
“And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill,” he added. “There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up.”
Under current legislation, the Information Commissioner’s Office (ICO) had the power only to fine firms up to £500,000 for serious data breaches.
The current record was set in 2017 when a £400,000 fine was imposed on a nuisance call firm.
But under the new bill, the ICO has more power to defend consumer interests and issue higher fines, of up to £17 million or 4 percent of global turnover, for the most serious data breaches.
The ICO has consistently called for greater powers, most notably after the TalkTalk hack in 2015.
And the data protection watchdog has warned that there will be no regulatory grace period for firms failing to heed the new laws, but it did say that those firms which self-report, and those firms that engage with the ICO to resolve issues and demonstrate effective accountability, can expect this to be taken into account when the ICO considers taking action.
“Data protection law reforms put consumers and citizens first,” said Information Commissioner Elizabeth Denham. “People will have greater control over how their data is used and organisations will have to be transparent and account for their actions.”
“This is a step change in the law; businesses, public bodies and charities need to take steps now to ensure they are ready,” added Denham. “Organisations that thrive under the new rules will be those that commit to the spirit of data protection and embed it in their policies, processes and people.”
“Our website is packed with information to help your organisation to get prepared for May 2018,” she concluded.