Following the publication of new government research which shows that fewer than half of businesses are aware of forthcoming new data protection laws, the government has urged businesses to act to make sure the personal data they hold is secure and that they are fully prepared for the EU General Data Protection Regulation (GDPR) and the new Data Protection Act 2018.
According to the new government research which covered 1,500 businesses, only 38% of businesses said they had heard of the GDPR, which is the foundation of the UK’s new Data Protection Act 2018 and will come into force on 25 May 2018. Awareness was particularly low amongst micro-businesses with less than 10 employees. Among those businesses that were aware of the GDPR, only just over a quarter (27%) had already made changes to their operations in response to the GDPR’s introduction and, of those that had made changes, just under half (49%) said their changes included those to cyber security practices. Creating or changing policies was the most common cyber-security change recorded, followed by additional staff training or communications.
As well as a wealth of free guidance and a telephone advice line being available from the Information Commissioner’s Office, including a Guide to the GDPR and a GDPR checklist, free guidance on cyber security is available from the National Cyber Security Centre (NCSC), including Cyber Essentials and the Small Business Guide.
The European Commission has also just published an online practical tool on the GDPR dedicated to SMEs.