Less than a month before GDPR, majority of UK businesses remain unaware of data processing law
A new survey has revealed a horrible complacency and lack of preparation among British businesses to the EU’s General Data Protection Regulation (GDPR).
The survey from cyber security firm ThinkMarble found that 73 percent of British businesses remain unaware of the lawful basis for processing data ahead of GDPR deadline on 25 May.
Earlier this week publisher trade groups accused Google of making unreasonable demands on them as it brings in new advertising rules to comply with the GDPR.
The EU passed the GDPR nearly two years ago, but a 24-month grace period ends on 25 May, when enforcement effectively begins. As a result, organisations should be currently altering their privacy practices to comply with the law.
But it seems from the survey of more than 250 businesses that completed ThinkMarble’s GDPR Readiness online portal tool, that the vast majority (nearly three quarters) do not understand the new rules.
And perhaps even worse, about a quarter (25 percent) still do not know or are unsure of where the personal data that they are responsible for is currently held.
And almost unbelievably, 27 percent of respondents have no data protection policy in place.
And if that were not bad enough, 13.5 percent of businesses surveyed also revealed that they are not registered with the Information Commissioner’s Office (ICO), despite them processing personal data, as currently required by law.
“With little more than three working weeks left until the GDPR becomes enforceable, it appears that businesses continue to be woefully underprepared, despite the numerous warnings issued, and have left themselves wide open to being in breach of the new regulation,” said Andy Miles, Founder & CEO at ThinkMarble.
“Too many see the new regulations as a compliance tick box activity and a burden, when really it should be viewed as an investment into your business, your employees and your customers,” said Miles. “I expect that we will see future customers seeking reassurance on how their data is processed and managed and for those organisations that have taken the right steps to reinforcing their cyber security and information practices, they will be the ones that reap the benefits in their future growth.”
Furthermore, 50 percent of businesses do not make data security checks about outsourced providers; 81 percent do not train staff on data protection and privacy measures; and 68 percent do not inform people what will be done with their data.
Meanwhile 43 percent of responding businesses do not tell people their data will be shared; 76 percent have not reviewed how they obtain consent; and 78 percent do not have policy to dispose of data.
Gemalto told Silicon UK last year that enterprises are at different stages of readiness for GDPR.
However the ThinkMarble survey seems to suggest that most are definitely not ready for its implementation.
How much do you know about privacy? Try our quiz!