Digital secretary Matt Hancock urges organisations to prepare for GDPR - with less than half even aware of the new law

With only four months to go, many organisations haven't even heard of GDPR, let alone made the fundamental data-protection changes it demands

Fewer than half of UK organisations are even aware of the General Data Protection Regulation (GDPR), which will come into law on 25 May this year, let alone are prepared for it.

That's one of the conclusions of the Cyber Security Breaches Survey 2018, a finding so alarming that secretary of state for digital, culture, media and sport (DCMS), Matt Hancock, has urged organisations to do more to prepare for it.

GDPR will be implemented into UK law, post-Brexit, via the Data Protection Bill, which is currently wending its way through the Houses of Parliament, meaning that organisation won't be able to avoid it.

The Bill will give the Information Commissioner's Office (ICO) power to issue higher fines, of up to €20 million or four per cent of global turnover for the most serious data breaches.

However, many organisations - it doesn't just apply to business, but to charities and the public sector, too - aren't even aware of the impending Regulation.

And the Cyber Security Breaches Survey also revealed big differences in GDPR awareness across different sectors.

Businesses in the construction industry have the lowest awareness, with only one-quarter aware of the incoming regulation, while organisations in the finance and insurance sectors have the highest awareness of the changes.

According to the research, which covered 1,500 businesses and 500 charities, awareness is higher among organisations that claim that their senior managers consider cyber security a fairly high or very high priority. Nevertheless, even in this segment, only 40 per cent of respondents were aware of GDPR.

Despite this, many organisations are making changes ahead of the Regulation coming into force. More than one-quarter of businesses and charities who had heard of GDPR said they had made changes as a result.

Of those that have made changes, just under a half of businesses and over one-third of charities made changes to cyber security practices. This included changes such as creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.

Hancock said that the government was strengthening the UK's data protection laws to make them "fit for the digital age" by giving people more control over their own data.

"As these figures show, many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill," he said.

"There is a wealth of free help and guidance available from the Information Commissioner's Office and the National Cyber Security Centre, and I encourage all those affected to take it up," he added.