Global cyber and information security experts, ThinkMarble, have revealed new findings that show that 73% of UK businesses remain unaware of the lawful basis for processing data and a quarter still do not know or are unsure of where the personal data that they are responsible for is currently held.
The results highlight the extent to which UK business continue to remain unprepared for the General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018.
Concerningly, 13.5% of businesses surveyed also revealed that they are not registered with the Information Commissioner’s Office (ICO), despite them processing personal data, as currently required by law.
ThinkMarble survey reveals
- 24% have ‘borrowed’ their data protection policy from another business
- 67% do not make data security checks when sending data outside the European Economic Area (EEA)
- 50% do not make data security checks about outsourced providers
- 81% do not train staff on data protection and privacy measures
- 68% do not inform people what will be done with their data
- 43% do not tell people their data will be shared
- 76% have not reviewed how they obtain consent
- 78% do not have policy to dispose of data
Andy Miles, Founder & CEO at ThinkMarble, commented: “With little more than three working weeks left until the GDPR becomes enforceable, it appears that businesses continue to be woefully underprepared, despite the numerous warnings issued, and have left themselves wide open to being in breach of the new regulation.
“For those companies that embrace the GDPR and review, update and maintain information cyber security best practices, they will become the future leaders of industry. Too many see the new regulations as a compliance tick box activity and a burden, when really it should be viewed as an investment into your business, your employees and your customers.
“I expect that we will see future customers seeking reassurance on how their data is processed and managed and for those organisations that have taken the right steps to reinforcing their cyber security and information practices, they will be the ones that reap the benefits in their future growth.”