Public Services > Central Government

DCMS frets over businesses and charities’ GDPR readiness

David Bicknell Published 24 January 2018

Department’s survey finds fewer than half of all businesses and charities are aware of new data protection laws four months before they come into force


The Department for Digital, Culture, Media and Sport (DCMS) has expressed concern over businesses’ and charities’ lack of readiness for new General Data Protection Regulation (GDPR) laws.

According to new research published by the department, fewer than half of all businesses and charities are aware of new data protection laws four months before they come into force.

Arguably, however, the research only confirms what most had predicted about GDPR as the clock ticks down to the new data protection laws coming into force on May 25: that many businesses are either unaware of GDPR, are hoping it will go away, or don’t know what to do about it.

According to the research, businesses in the finance and insurance sectors have the highest awareness of the changes to be brought in through GDPR. Businesses in the construction industry have the lowest awareness, with only one in four aware of the incoming regulation. Awareness is higher among businesses that report their senior managers consider cyber security is a fairly high or a very high priority, with two in five aware of the GDPR.

The survey found that more than a quarter of businesses and charities who had heard of the regulation had made changes to their operations ahead of the new laws coming into force.

Among those making changes, just under half of businesses, and just over one third of charities, made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.

Speaking from the Davos conference, Culture Secretary Matt Hancock said, “We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data. And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.

“There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up.”

Hancock made clear the Government’s Data Protection Bill will provide people with the confidence their data will be managed securely and safely while also supporting those innovative businesses to maximise the potential benefits of increasing use of data in the digital economy.

The Bill will give the Information Commissioner’s Office (ICO) more power to defend consumer interests and issue higher fines, of up to £17m or 4 per cent of global turnover, for the most serious data breaches.

DCMS said there is still time to prepare and many organisations will already be compliant with the new rules. Businesses already complying with the existing Data Protection Act are well on the way to being ready for GDPR, it said.

DCMS insisted there will be no regulatory ‘grace’ period, but described the ICO as “a fair and proportionate regulator.” Those who self-report, who engage with the ICO to resolve issues and demonstrate effective accountability, can expect this to be taken into account when the ICO considers taking action, it said.

Information Commissioner Elizabeth Denham said, “Data protection law reforms put consumers and citizens first. People will have greater control over how their data is used and organisations will have to be transparent and account for their actions. This is a step change in the law; businesses, public bodies and charities need to take steps now to ensure they are ready. Organisations that thrive under the new rules will be those that commit to the spirit of data protection and embed it in their policies, processes and people.

She added, “The GDPR offers a real opportunity to present themselves on the basis of how they respect the privacy of individuals, and over time this can play more of a role in consumer choice. Enhanced customer trust and more competitive advantage are just two of the benefits of getting it right. Our website is packed with information to help your organisation to get prepared for May 2018.”

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.