Fewer than half of UK businesses and charities are aware of new data protection laws
Fewer than half of all businesses and charities are aware of new data protection laws four months before they come into force, according to new research released today.
Businesses in the finance and insurance sectors have the highest awareness of the changes to be brought in through the EU’s General Data Protection Regulation (GDPR) , which is to be implemented in UK law via the Data Protection Bill in May, as part of plans to help the UK prepare for Brexit.
Businesses in the construction industry have the lowest awareness, with only one in four aware of the incoming regulation. Awareness is higher among businesses that report their senior managers consider cyber security is a fairly high or a very high priority, with two in five aware of the GDPR.
The survey finds more than a quarter of businesses and charities who had heard of the regulation made changes to their operations ahead of the new laws coming into force.
Among those making changes, just under half of businesses, and just over one third of charities, made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.
“We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data,” said Secretary of State for Digital, Culture, Media and Sport Matt Hancock.
He added: “These figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill. There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up.”
Hancock was speaking from Davos, where he is promoting the UK’s tech sector and affirming the nation’s commitment to artificial intelligence. The UK tops the list in Europe for global tech investors, with its tech firms attracting more venture capital funding than any other European country in 2017. In December it was named by Oxford Insights as the best prepared country in the world for AI implementation.
While in Davos, Hancock is due to deliver speeches speak on the ‘Fourth Industrial Revolution’ and ‘Generation AI’.
As the statistics on data preparedness were released, Hancock said the Government’s Data Protection Bill will “provide people with the confidence their data will be managed securely and safely while also supporting those innovative businesses to maximise the potential benefits of increasing use of data in the digital economy”.
The Bill will give Information Commissioner’s Office (ICO) more power to defend consumer interests and issue higher fines, of up to £17m or 4% of global turnover, for the most serious data breaches.
Organisations which hold and process personal data are urged to prepare and follow the guidance and sector FAQS freely available from the ICO. Its dedicated advice line for small organisations has received more than 8000 calls since it opened in November 2017, and the Guide to the GDPR has had over one million views. The regulator also has a GDPR checklist, and 12 steps to take now to prepare for GDPR.
A Government statement said that there is still time to prepare and many organisations will already be compliant with the new rules. Businesses already complying with the existing Data Protection Act are well on the way to being ready for GDPR.
There will be no regulatory ‘grace’ period, but the ICO is a fair and proportionate regulator, it said. Those who self-report, who engage with the ICO to resolve issues and demonstrate effective accountability, can expect this to be taken into account when the ICO considers taking action.
Information Commissioner Elizabeth Denham said: “Data protection law reforms put consumers and citizens first. People will have greater control over how their data is used and organisations will have to be transparent and account for their actions.
“This is a step change in the law; businesses, public bodies and charities need to take steps now to ensure they are ready. Organisations that thrive under the new rules will be those that commit to the spirit of data protection and embed it in their policies, processes and people.”
The Commissioner said that GDPR “offers a real opportunity to present themselves on the basis of how they respect the privacy of individuals, and over time this can play more of a role in consumer choice. Enhanced customer trust and more competitive advantage are just two of the benefits of getting it right.”
Businesses are recommended to follow free guidance on protecting themselves from online attacks published by National Cyber Security Centre (NCSC), such as the Cyber Essentials advice and the Small Business Guide.
The pandemic has taught me how to share more – and I feel a better leader for it
As a young professional starting out in the tech sector 30 years ago, I thrived on the fast pace,constant change and demanding workload. I lived in London, Singapore and Australia…
We need to shout about our successes. Liz Fletcher on celebrating women in biotech
Throughout my career in biotechnology and life sciences, I have seen many women leading ground-breaking research studies in their fields of expertise. Yet, and I include myself in this, we…
Getting the best out of patient data is key to unlocking future health benefits in Scotland
It is important that clinicians’ voices are heard in the consultation around Scotland’s new health and care data strategy, which closes this week (12 August). Busy GPs like myself are the trusted…
How motherhood helped me be a better leader
Consider this an open letter to anyone I have worked with before I became a mother and before I fully understood how being a parent is actually a prized asset…
‘We cannot achieve our goals without entrepreneurs’ – Kate Forbes on vision for new ‘tech scaler’ network
From the very start of my ministerial career, I have had responsibility for the Scottish tech sector – and I can still say what I have said from the start,…
Finding a role in cyber was ‘tough’ for Cheryl Torano. Now she’s determined to help other women join an under-represented industry
When I decided to upskill to change careers at the age of 30 and dive into the digital world, I knew I would be starting out at the bottom of…
Why innovation and marketing are the perfect partners to make changes that matter￼
With the rapid evolution of traditional marketing and the appearance of digital marketing, technology and innovation has become part of any marketer’s life without the need of working for a…
Transitioning to a four-day week – CEO’s vow to strike a healthier balance in the workplace
I came to Scotland nearly 20 years ago from Ireland, with no contacts but a lot of determination. While Ireland will always be my home, Scotland has given me amazing…