Digital and Culture Secretary urges charities to prepare for stronger data protection laws

Fewer than half of charities are aware of new data protection laws four months before they come into force

Chloe Green | 25th Jan 18

Fewer than half of charities are aware of new data protection laws four months before they come into force, according to new research.

The survey measured awareness of the changes to be brought in through the EU’s General Data Protection Regulation (GDPR), which is to be implemented in UK law via the Data Protection Bill in May 2018, as part of plans to help the UK prepare for a successful Brexit.

Incredibly, the survey found that just over a quarter of charities who had heard of the regulation had made changes to their operations ahead of the new laws coming into force. Those charities made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.

Speaking from Davos, where he is banging the drum for the UK’s world-leading tech sector and reaffirming the nation’s commitment to artificial intelligence [AI], Secretary of State for Digital, Culture, Media and Sport Matt Hancock said: “We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data.

“And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.

“There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up.”


Data Protection Bill

While in Davos, Mr Hancock will talk up the nation’s innovators in speeches covering policymaking for the Fourth Industrial Revolution and Generation AI.

On the day new statistics on data preparedness are released, Hancock made it clear the Government’s Data Protection Bill will provide people with the confidence their data will be managed securely and safely while also supporting those innovative businesses to maximise the potential benefits of increasing use of data in the digital economy.

The Bill will give Information Commissioner’s Office (ICO) more power to defend consumer interests and issue higher fines, of up to £17m or 4% of global turnover, for the most serious data breaches.

Organisations which hold and process personal data are urged to prepare and follow the guidance and sector FAQS freely available from the ICO. Its dedicated advice line for small organisations has received more than 8,000 calls since it opened in November 2017, and the Guide to the GDPR has had over one million views. The regulator also has a GDPR checklist, and 12 steps to take now to prepare for GDPR.

There is still time to prepare and many organisations will already be compliant with the new rules. Businesses already complying with the existing Data Protection Act are well on the way to being ready for GDPR.

There will be no regulatory ‘grace’ period, but the ICO is a fair and proportionate regulator. Those who self-report, who engage with the ICO to resolve issues and demonstrate effective accountability, can expect this to be taken into account when the ICO considers taking action.

Information Commissioner Elizabeth Denham said: “Data protection law reforms put consumers and citizens first. People will have greater control over how their data is used and organisations will have to be transparent and account for their actions. This is a step change in the law; charities need to take steps now to ensure they are ready.”


Cross-organisation impact

Commenting on the news, Tony Connor, head of marketing in the EMEA region at managed hosting services and data centres provider, Datapipe said: “The report should be a significant cause for concern. GDPR brings in the most sweeping changes to data regulations since the Data Protection Act of 1998, and all charities which handle personal data, regardless of size, need to be compliant.

“The costs of non-compliance are potentially catastrophic. GDPR will impact all charity departments, from marketing, to sales, to IT: the compliance requirements that arrive with these sweeping new data protections rules should not be underestimated.

“Understanding data responsibilities, as well as the nature and location of data is key. All charities need to be paying much closer attention to the security of their IT infrastructure and, fortunately for those charities unaware of GDPR, it is not too late to implement changes and become compliant with the imminent regulations.”