"The scale of penalties issued by the ICO in recent months should have helped focus the attention of UK business leaders on this issue."
Despite 81% of employees saying GDPR had made their business more aware of the risks of security and the need for stricter privacy regulations, 57% of firms have chosen not to introduce any new procedures or policies to increase security.
8% also claimed their business had carried on as if GDPR hadn’t come into force and paid no attention to any new privacy or security policies they might need to implement.
Small businesses in particular appear to be running a risk with GDPR compliance with just 29% having introduced new policies for data handling – despite 60% admitting to being more aware and concerned of the risks.
Ian Smith, general manager and finance director at Invu, said: “The scale of penalties issued by the ICO in recent months should have helped focus the attention of UK business leaders on this issue. You only need to consider the record £183.39 million penalty issued to British Airways for data security failures under GDPR.
“This just shows that GDPR fines are a real threat to those businesses not doing enough to protect personal data. I would have expected many more businesses to have taken at least some precautions by now- but this data suggests many have not.”