Only half of UK businesses are fully complying with all data privacy regulations and industry guidelines - an improvement, but not much of one.
Research from Zoho Digital found that the figure has risen from 2023's 42%, but that many businesses still need to improve their data practices.
On the plus side, transparency of data practices emerged as a growing strength, with 50% of respondents saying that their data privacy policies are clear, simple, and transparent, up from just 33% in 2023.
"According to Zoho’s Digital Health survey, businesses must improve transparency around data usage as a clear step toward ethical behaviour," said Sachin Agrawal, Zoho managing director.
“This will play an important role in improving customer experience, strengthening customer relationships."
The survey revealed that 47% of businesses now view data privacy as a critical part of their success, and that 46% conduct regular data privacy training for employees.
However, it also identified serious gaps where businesses are falling behind. Only three-in-ten businesses reported going beyond requirements to provide additional protection for customer and employee data.
This, Zoho noted, suggests that while businesses are meeting their compliance requirements, few are taking proactive steps to enhance data protection.
"In an increasingly data-driven world, organisations must prioritize data privacy throughout their operations. It is encouraging to see the growing recognition of data privacy’s role in driving business policies, but there is still a lot of progress to be made," said Agrawal.
"To unlock the full transformative potential of technologies like AI, businesses must have clear and well-defined data strategies which both protect customer and employee data but enable flexibility of use in the right way."
The report comes hot on the heels of research from ISACA, which found only a third of data privacy professionals are confident in their organization’s ability to safeguard sensitive data, and just a quarter follow Privacy by Design best practices.
Their teams underfunded, they said, and more than half told ISACA they expect budgets to decline this year.
ISACA warned that many organizations risk falling foul of GDPR and new legal frameworks such as the Digital Services Act and EU AI Act.
Recently, Charlie Bromley-Griffiths, senior legal counsel at legal document management software form Conga, told ITPro that UK businesses had made substantial strides in aligning with privacy legislation.
"Companies have implemented stronger data governance policies, enhanced security protocols and prioritized the rights of data subjects," she said. "However, challenges still remain, particularly for small and medium-sized enterprises struggling with the complexity and cost of full compliance."
