Less than four months before the General Data Protection Regulation (GDPR) takes effect in the U.K., a recent government survey indicates that only 38% of businesses are aware of the upcoming data protection laws. GDPR will commence on May 25 and, according to ZDNet, “those who are found to misuse, exploit, lose, or otherwise mishandle personal data could potentially face huge fines.”
GDPR will allow European customers to control any personal data about their businesses’ storage and processes. The survey shows that the impending deadline isn’t giving companies enough time to prepare, despite government warnings. Little or no action could lead to fines of up to 4% of company turnover, ZDNet reported, with additional penalties if companies are hacked and attempt to hide it from their customers.
Gov.uk published the Cyber Security Breaches Survey 2018: Preparations for the New Data Protection Act on Jan. 24, which comprises data from telephone interviews over a three-month period in late-2017. The survey was commissioned by the Department for Digital, Culture, Media and Sport (DCMS) as part of the National Cyber Security Programme and includes responses from more than 1,500 businesses and nearly 570 charities.
The finance and insurance sectors have the most awareness of the coming legislation, according to the report; however, only one in four businesses in the construction sector is aware of GDPR.
“Among those aware of GDPR, just over a quarter of businesses and charities made changes to their operations in response to GDPR’s introduction,” the report states. “Among those making changes, just under half of businesses, and just over one-third of charities, said these changes included those to cyber security practices.”
The majority of businesses and charities that reported cyber and security changes said they were made by creating or updating policies, while others made changes by conducting additional staff training or communications, or by installing, changing or updating antivirus or antimalware software.
A wider survey, including more input from U.K. businesses and charities, is expected to be released in April prior to the start of the GDPR.
—Andrew Michaels, editorial associate