As Europe gears up for the introduction of the General Data Protection Regulation (GDPR), a government-funded survey finds that less than half of UK charities have heard of the new data protection laws. 


In a survey of both business and charities, just 44 per cent of charities in the UK said they had heard of GDPR.


The survey report, Cyber Security Breaches Survey 2018: Preparations for the new Data Protection Act, revealed that among those aware of GDPR, just over a quarter of charities had made changes to their operations in response to GDPR’s introduction. This however equates to two thirds of those in the largest income band (£5 million+) and just 13% of those in the lowest income band (<£10,000).


Of the charities that said they had made cyber security changes, creating or changing policies was the most common change recorded, with just over a third having done so.


Speaking at January’s Davos 2018, the UK secretary of state for digital, culture, media and sport, Matt Hancock said:

“We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data. And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.”


This survey echoes the findings of EFA’s recent Fundraising in Europe 2017 report. It revealed that most national fundraising associations had indicated that charities in their nation were under-prepared for the new regulations, with extensive changes required for many in the way they approach supporters if they are to be compliant with the GDPR when it is implemented in May.