GDPR ignorance remains

New findings show that 50% of businesses do not check outsourced providers' data security processes.

ThinkMarble has revealed new findings that show that almost three-quarters (73%) of UK businesses remain unaware of the lawful basis for processing data and a quarter (25%) still do not know or are unsure of where the personal data that they are responsible for is currently held. The results highlight the extent to which UK businesses remain unprepared for the General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018.

The data, sourced from more than 250 businesses that completed ThinkMarble’s GDPR Readiness online portal tool, also revealed that 79% of businesses have not reviewed their data protection policy and 71% have not reviewed their privacy policy in preparation for the GDPR, whilst 27% have no data protection policy in place.

Concerningly, 13.5% of businesses surveyed also revealed that they are not registered with the Information Commissioner’s Office (ICO), despite processing personal data, as currently required by law.

The findings also reveal that:

  • 24% have ‘borrowed’ their data protection policy from another business
  • 38% do not have a privacy policy in place
  • 67% do not make data security checks when sending data outside the European Economic Area (EEA)
  • 50% do not make data security checks about outsourced providers
  • 81% do not train staff on data protection and privacy measures
  • 68% do not inform people what will be done with their data
  • 43% do not tell people their data will be shared
  • 76% have not reviewed how they obtain consent
  • 78% do not have a policy to dispose of data

Andy Miles, Founder & CEO at ThinkMarble, comments: “With little more than three working weeks left until the GDPR becomes enforceable, it appears that businesses continue to be woefully underprepared, despite the numerous warnings issued, and have left themselves wide open to being in breach of the new regulation.

“For those companies that embrace the GDPR and review, update and maintain information cyber security best practices, they will become the future leaders of industry. Too many see the new regulations as a compliance tick box activity and a burden, when really it should be viewed as an investment into your business, your employees and your customers. I expect that we will see future customers seeking reassurance on how their data is processed and managed and for those organisations that have taken the right steps to reinforcing their cyber security and information practices, they will be the ones that reap the benefits in their future growth.”

 
