Government survey reveals GDPR awareness is falling short

The Cyber Security Breaches Survey 2018 from the Department for Digital, Culture, Media and Sport (DCMS) has revealed that only 38% of businesses and 44% of charities have heard of the General Data Protection Regulation (GDPR). This is a worrisome finding, as it is only a matter of months until the new Regulation is enforced. The full report will not be released until April 2018, but the statistics already released provide a comprehensive overview.

Key findings

Of those surveyed:

  • 36% of businesses and charities that were aware of the GDPR had created or changed policies and procedures;
  • 21% of businesses and 10% of charities had provided additional staff training or communications; and
  • Just 6% of businesses and 12% of charities had installed, changed or updated anti-virus or anti-malware software.

GDPR awareness was found to be more prominent in larger charities with 250+ employees (75%) and medium-sized charities with 50-249 employees (53%). Smaller charities showed less awareness – 47% of small charities (10-49 employees) and 37% of micro charities (2-9 employees) were aware of the GDPR.

Of the businesses surveyed, those in the finance and insurance industries had the highest levels of awareness (79%), followed by information and communications (67%) and education (52%). The industries with the least awareness were construction (25%) and production and manufacturing (27%).

Matt Hancock, the culture secretary, said:

“We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data. And as these figures show, many organisations still need to act to make sure the personal data they hold is secure.”

Clearly there is still work to be done to ensure compliance by the 25 May deadline. It is important to remember that a key component of any organisation’s GDPR compliance framework is staff awareness and education.

When dealing with confidential and sensitive information, employees need to be aware of internal security policies and procedures, as well as information security best practices.

Are your staff aware of the GDPR?

Our GDPR Staff Awareness E-learning Course is an affordable and effective way of introducing the GDPR to your staff and reducing the likelihood of employee errors. It allows them to gain a comprehensive understanding of the new Regulation’s requirements with minimal disruption to their daily workload.

With significant fines for non-compliance, it is essential that staff understand the new Regulation’s requirements and have sufficient training. Don’t let your staff be your downfall.

Those who are already involved in data protection or who wish to enter the field might want to consider our specialised GDPR training courses.