We’re just a day short of the one-year anniversary of GDPR and still the majority of UK businesses are in breach of the rules set out in the European Union (EU) law.

According to CybSafe’s research of 250 UK business decision makers, just 57 per cent of organisations believe they are compliant with GDPR. More alarmingly, 56 per cent of respondents admitted that their business had failed to request content to store sensitive data, while 16 per cent had knowingly ignored subject access requests.

The figures make for concerning reading and show the EU’s regulation has failed to truly put the EU population in control of their data.

The research also found that just 39 per cent of businesses view cybersecurity as a high priority within senior management. Meanwhile, only 37 per cent have amended their cybersecurity policies or processes because of the legislation, and a lowly 32 per cent said that cybersecurity training had become a priority.

“GDPR may have benefited consumers by emptying their inboxes of unwanted mail, but in terms of sparking action amongst businesses, it hasn’t been universally impactful,” said Oz Alashe, CEO and founder of CybSafe. “While things have changed for the better in some areas, a large number of organisations are still falling well short of the standards that the legislation has laid out. One whole year on from its introduction, this is disappointing to say the least.

“It’s vital that businesses do take GDPR seriously, and not just because they fear a fine. Enforcing GDPR properly helps businesses protect their reputation and their precious information. The legislation is an opportunity to clean up data, to understand what data needs to be retained, and to reduce the risk of being the victim of a data scandal caused by poor privacy practices.”