GDPR was made a legal requirement for businesses in the UK over a year ago to protect people’s personal online data.

However, a new report has come out saying that 52% of organisations are not legally complying with the correct regulations that have been in place since May 2018.

The survey was conducted on 250 GDPR decision makers on behalf of the security data firm, Egress.

A warning

It was found that the group that was the least obedient was mid-sized companies who have anything between 250-999 employees. Just under 40% of firms this size admitted to having GDPR regulations, compared to 56% of large companies and 51% of small firms.

Just 35% of establishments said that GDPR compliance was a top priority before the law was put in place, but it seems this is no longer so much of a concern for people. Even after British Airways and Marriot were fined such huge amounts for not abiding by the law correctly.

“Although the authority’s announcement that it intends to fine British Airways and Marriott such staggering sums sent shockwaves through the security community, it is concerning only 6% of organisations have taken action to avoid the full potential of the legislation,” said Tony Pepper, CEO at Egress.

“These announcements should definitely have acted as a clearer warning that organisations cannot risk compliance complacency.”

The solutions must “tackle human error”

New processes into handling sensitive data was the largest area of compliance (28%) whilst 1 in 10 respondents said that user education and training had been their biggest investment.

“It’s positive to see that almost one-fifth (17%) of respondents are looking to technology as a way to mitigate breaches, but they must ensure these solutions tackle human error as the root causes of many of these incidents,” Pepper added.