An alarming number of organisations have not heard of GDPR
06 Mar 2018
Government research has revealed that many UK organisations have not heard of the General Data Protection Regulation (GDPR) and will struggle to be on course in terms of compliance.
No firm will be 100% compliant on 25 May but what counts is proactively working towards compliance and minimising privacy risks for individuals.
If an organisation has not heard of GDPR at this stage, 79 days until the GDPR is enforced, then there is little hope that it will be able to prepare adequately for the new law.
SMEs in particular have not heard of GDPR. Only 49% of firms with 10-49 employees had heard of GDPR, while only 31% of micro businesses with fewer than 9 employees had heard of GDPR.
As a business increases in size, so does the likelihood that it has heard of the legislation, with 80% of businesses with over 250 employees having heard of GDPR. The cause for concern is the fifth of large firms that have not heard of GDPR, with only a short time left until the new act comes in.
The research is further broken down by sector with the finance and insurance; information or communications; and the education sectors having the highest awareness of GDPR (79%, 67% and 52% respectively). These are significantly higher than the average.
Organisations with senior managers that consider cyber security a critical issue are significantly more likely to be aware of GDPR. Only 23% of businesses that believe cyber security is a low priority are aware of GDPR.
Of those that were aware of the regulation, just 27% of businesses and 26% of charities have made any changes to how they operate, directly as a response to the forthcoming changes to data protection law.
UK organisations are now on the home stretch and time is limited. Organisations that haven’t heard of GDPR will really struggle to be compliant with GDPR, or even to work meaningfully towards compliance.