Included in this Data Issues Roundup: ICO survey shows lack of trust with how organisations are storing data and IT businesses behind the curve on GDPR readiness.

United Kingdom

ICO survey shows lack of trust with how organisations are storing data

An ICO survey has revealed that most UK citizens don't have trust in organisations storing their personal data, with 80 per cent lacking confidence.

The survey also showed that British adults are generally unfamiliar with how organisations are using their personal information.

Steve Wood, the ICO's Deputy Commissioner, said the key to improving trust was to put data protection at the centre of digital businesses strategies. With this in mind, the ICO has set as one of their main goals for the next few years an aim to increase public trust and confidence in data.

Other significant findings of this survey include:

• a greater trust in public bodies than private organisations in respect of holding or sharing personal data;
• only 12 per cent of adults have trust in social messaging platforms for handling their personal data; and
• the older generation are more likely to speak out in regards to trust and confidence issues with companies storing their persona data.

IT businesses behind the curve on GDPR readiness

A survey by learning provider Litmos Heroes, has revealed that 22 per cent of UK businesses have recruited staff to tackle impending changes from the new General Data Protection Regulations (GDPR).

However, of the 500 UK business owners surveyed, almost 30 per cent admitted they had done nothing towards being GDPR ready and 11 per cent said they didn’t know which of their team members would ensure their organisation complied with GDPR.

The findings also raised a number of concerns amongst IT businesses, with one in ten unaware of GDPR and a worrying 4 per cent admitting they currently don't comply with UK data protection laws.

The survey results paint a stark picture of how many businesses are yet to tackle their implementation of GDPR in May 2018; particularly those in the IT sector. Providers of IT services often are the processors of incredibly large amounts of personal data and many for the first time will have statutory obligations (as data processor). In light of the greater obligations of transparency, awareness and increased data subject rights, organisations that fail to meet the requirements of the regulation could face large fines of up to €20m or four per cent of their annual global turnover (whichever is greater). Addleshaw Goddard's data team would be happy to discuss any queries IT businesses have ahead of the upcoming GDPR.