73% Of British Businesses Remain Unaware Of The Lawful Basis For Processing Data Ahead Of GDPR Deadline, Reveals ThinkMarble

By   ISBuzz Team
Writer , Information Security Buzz | May 02, 2018 10:50 am PST

New findings show that 50% of businesses do not check outsourced providers data security processes 

Global cyber and information security experts, ThinkMarble, have today revealed new findings that show that almost three-quarters (73%) of UK businesses remain unaware of the lawful basis for processing data and a quarter (25%) still do not know or are unsure of where the personal data that they are responsible for is currently held. The results highlight the extent to which UK business continue to remain unprepared for the General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018.

The data, sourced from more than 250 businesses that completed ThinkMarble’s GDPR Readiness online portal tool, also revealed that 79% of businesses have not reviewed their data protection policy and 71% have not reviewed their privacy policy in preparation for the GDPR, whilst 27% have no data protection policy in place.

Concerningly, 13.5% of businesses surveyed also revealed that they are not registered with the Information Commissioner’s Office (ICO), despite them processing personal data, as currently required by law.

The findings also reveal that:

  • 24% have ‘borrowed’ their data protection policy from another business
  • 38% do not have privacy policy in place
  • 67% do not make data security checks when sending data outside the European Economic Area (EEA)
  • 50% do not make data security checks about outsourced providers
  • 81% do not train staff on data protection and privacy measures
  • 68% do not inform people what will be done with their data
  • 43% do not tell people their data will be shared
  • 76% have not reviewed how they obtain consent
  • 78% do not have policy to dispose of data 

Andy Miles, Founder & CEO at ThinkMarble, comments: “With little more than three working weeks left until the GDPR becomes enforceable, it appears that businesses continue to be woefully underprepared, despite the numerous warnings issued, and have left themselves wide open to being in breach of the new regulation.

“For those companies that embrace the GDPR and review, update and maintain information cyber security best practices, they will become the future leaders of industry. Too many see the new regulations as a compliance tick box activity and a burden, when really it should be viewed as an investment into your business, your employees and your customers. I expect that we will see future customers seeking reassurance on how their data is processed and managed and for those organisations that have taken the right steps to reinforcing their cyber security and information practices, they will be the ones that reap the benefits in their future growth.”