Countless warnings about the GDPR still haven’t prompted businesses into action, as more than seven in 10 admit to not knowing the lawful basis for processing data.
An even bigger chunk (almost eight in ten) are yet to review their Data Protection policy and, if they currently outsource data, half don’t check the processes that it goes through.
Businesses continue to be woefully underprepared, despite the numerous warnings, and have left themselves wide open to being in breach of the new GDPS.
Too many see the new regulations as a compliance tick-box activity and a burden, when really it should be viewed as an investment into, business, employees and customers.
Some agree that the May 25th framework is an opportunity for IT contractors other suppliers to ‘provide added value to clients.’
But many of the issues exist before ‘sub-processors (like IT contractors) come into the fold. For example, a quarter of businesses have ‘borrowed’ their DP policy from another firm.
About half as many are not registered with the Information Commissioner’s Office, even though the law requires them to because they process personal data
And as well the 50% of 250 businesses polled are not checking their outsourcers’ data processes, the same ‘out of sight out of mind’ stance is taken when exporting information.
In fact, 67% of the businesses admitted that they do not make data security checks when sending data outside the European Economic Area.
The only vaguely positive finding is that the chunk of businesses yet to review their DP policy reduces slightly when asked if they reviewed because of the EU-based framework.
For those companies that embrace the GDPR and review, update and maintain information cyber security best practices, they will become the future leaders of industry.
But there’s a long way to go. Sixty-eight per cent don’t inform people what will be done with their data; 43% don’t tell people their data will be shared, 76% haven’t reviewed how they obtain consent and 78% don’t have policies to dispose of data.
We expect people in the future seeking reassurance on how their data is processed and managed. These results highlight the extent to which UK business continue to remain unprepared for the General Data Protection Regulation.