Britain’s top firms and charities urgently need to do more to prepare for the General Data Protection Regulation (GDPR), according to new Government research.
The findings were part of the FTSE 350 Cyber Governance Health Check – the UK Government’s annual report providing insight into how the UK’s biggest 350 companies deal with cyber security.
The Government will soon be introducing its new Data Protection Bill to Parliament. With the Bill, which implements the General Data Protection Regulation (GDPR), coming into effect next May, the report for the first time included questions about data protection.
The new data protection law will strengthen the rights of individuals and provide them with more control over how their personal data is being used.
The report found:
- Awareness of GDPR was good, with almost all firms (97 per cent) aware of the new regulation
- Almost three quarters (71 per cent) of firms said they were somewhat prepared to meet the GDPR requirements, with only 6 per cent being fully prepared
- Just 13 per cent said GDPR was regularly considered by their board
- 45 per cent of boards said they were most concerned with meeting GDPR requirements relating to an individual’s right to personal data deletion
The Information Commissioner’s Office has produced guidance for organisations on implementing the regulation, including a checklist for businesses on the actions they need to take, and a series of interactive workshops and webinars.
The ICO will also produce guidance for organisations about their responsibilities under the GDPR and for individuals on their rights under the GDPR.
The Department for Digital, Culture, Media and Sport will continue to work closely with the Information Commissioner’s Office (ICO) during this transitional period.
The FTSE 350 Cyber Governance Health Check is carried out in collaboration with the audit community, including Deloitte, EY, KPMG and PwC.