The new legislation will come into force in May, but smaller organisations have low awareness of the changes
Fewer than half of charities are prepared for the new data protection laws, just four months before they come into force.
A cyber security survey carried out by the Westminster government has revealed that only 44% of charities have heard of the General Data Protection Regulation (GDPR).
The legislation – which will come into force on 25 May - will strengthen the rules around personal data and requires organisations to be more accountable and transparent, with potentially harsher penalties for those who do not comply. It also gives people greater control over their own personal data.
Among those who said they had heard of GDPR, only a quarter had made changes to their operations to respond to the new legislation.
Awareness of the changes was lowest amongst smaller organisations: with 37% of micro-sized and 47% of small organisations having heard of GDPR, compared to 53% of medium and 75% of large charities. This was also reflected when income was considered with 90% of organisations who have an income of more than £5 million saying they had knowledge of the impending legislation.
The bill will give Information Commissioner’s Office (ICO) more power to defend consumer interests and issue higher fines, of up to £17 million or 4% of an organisation’s turnover, for the most serious data breaches.
Information commissioner Elizabeth Denham said charities must act now to ensure they are ready for the new rules.
She said: “Data protection law reforms put consumers and citizens first. People will have greater control over how their data is used and organisations will have to be transparent and account for their actions. This is a step change in the law; charities need to take steps now to ensure they are ready.”
Secretary of state for digital, culture, media and sport Matt Hancock said that there is still time for organisations to take action.
He said: “We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data.
“And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our data protection bill.”