Most businesses unaware of data protection laws

Most businesses are unaware of data protection laws, according to a new survey [Image: Vertigo3d via iStock]

Less than half of UK businesses and charities are aware of new data laws coming into force in May 2018, according to a government-sponsored survey.

The survey, conducted by Ipsos MORI and the University of Portsmouth, found that awareness in the construction and manufacturing sectors is particularly low.

Just 38 per cent of businesses and 44 per cent of charities say they have heard of the General Data Protection Regulation (GDPR), which is the foundation of the UK’s new Data Protection Act.

A business’ size was found to play a significant part in whether it had heard of GDPR, with just 31 per cent of micro businesses (those employing two to nine people) and 49 per cent of small businesses (ten to 49 employees) having reported that they knew of the regulation. In contrast, 66 per cent of medium-sized enterprises (50 to 249 employees) and 80 per cent of large businesses (those with more than 250 employees) had heard of it.

Among those businesses that are aware of GDPR, just over a quarter made changes to their operations in response to its introduction, the survey found. It also found that of those making changes, just under half of businesses and just over one-third of charities said these changes included amendments to cyber security practices.

Of those businesses and charities reporting changes to their cyber security strategies, creating or changing policies was the most common change. In each case, just over one-third had made this change.

When asked if a business had made any changes to the way it operates due to GDPR, it was found that those in the financial and insurance sector were most likely to have done so, at 54 per cent. Meanwhile, those in the retail and wholesale sector were least likely to report making changes (13 per cent).