73 percent of UK businesses unaware of lawful basis for processing data ahead of GDPR
A few weeks ago we spoke to ThinkMarble about the impending arrival of GDPR and the company's virtual data protection office service.
As the May 25th deadline draws closer, the company has released some research data that shows almost three-quarters of UK businesses are unaware of the lawful basis for processing data and a quarter still don't know, or are unsure of, where the personal data they are responsible for is currently held.
Worryingly, 13.5 percent of businesses surveyed also revealed that they aren't registered with the Information Commissioner's Office (ICO), despite them processing personal data, as required by law.
When collecting data, 68 percent don't inform people what will be done with their data, and 43 percent don't tell people their data will be shared. Also 76 percent haven't reviewed how they obtain consent, and 78 percent don't have a policy to dispose of data.
Andy Miles, founder and CEO at ThinkMarble, says:
With little more than three working weeks left until the GDPR becomes enforceable, it appears that businesses continue to be woefully underprepared, despite the numerous warnings issued, and have left themselves wide open to being in breach of the new regulation.
For those companies that embrace the GDPR and review, update and main information cyber security best practices, they will become the future leaders of industry. Too many see the new regulations as a compliance tick box activity and a burden, when really it should be viewed as an investment into your business, your employees and your customers. I expect that we will see future customers seeking reassurance on how their data is processed and managed and for those organisations that have taken the right steps to reinforcing their cyber security and information practices, they will be the ones that reap the benefits in their future growth.
You can find out more about preparing for GDPR on the ThinkMarble website.