73 percent of UK businesses unaware of lawful basis for processing data ahead of GDPR
A few weeks ago we spoke to ThinkMarble about the impending arrival of GDPR and the company's virtual data protection office service.
As the May 25th deadline draws closer, the company has released some research data that shows almost three-quarters of UK businesses are unaware of the lawful basis for processing data and a quarter still don't know, or are unsure of, where the personal data they are responsible for is currently held.
The data, sourced from more than 250 businesses that completed ThinkMarble's GDPR Readiness online portal tool, also reveals that 79 percent of businesses haven't reviewed their data protection policy and 71 percent haven't reviewed their privacy policy in preparation for GDPR, whilst 27 percent have no data protection policy in place.
Worryingly, 13.5 percent of businesses surveyed also revealed that they aren't registered with the Information Commissioner's Office (ICO), despite them processing personal data, as required by law.
In addition 24 percent have 'borrowed' their data protection policy from another business, and 38 percent don't have privacy policy in place. Also 67 percent don't make data security checks when sending data outside the European Economic Area (EEA). Half don't make data security checks about outsourced providers either, and 81 percent do not train staff on data protection and privacy measures.
When collecting data, 68 percent don't inform people what will be done with their data, and 43 percent don't tell people their data will be shared. Also 76 percent haven't reviewed how they obtain consent, and 78 percent don't have a policy to dispose of data.
Andy Miles, founder and CEO at ThinkMarble, says:
With little more than three working weeks left until the GDPR becomes enforceable, it appears that businesses continue to be woefully underprepared, despite the numerous warnings issued, and have left themselves wide open to being in breach of the new regulation.
For those companies that embrace the GDPR and review, update and main information cyber security best practices, they will become the future leaders of industry. Too many see the new regulations as a compliance tick box activity and a burden, when really it should be viewed as an investment into your business, your employees and your customers. I expect that we will see future customers seeking reassurance on how their data is processed and managed and for those organisations that have taken the right steps to reinforcing their cyber security and information practices, they will be the ones that reap the benefits in their future growth.
You can find out more about preparing for GDPR on the ThinkMarble website.
Image credit: zaborgomel/depositphotos.com