Credit: rawpixel.com/PxHere

The importance of data to the UK economy – and the need for organisations to effectively protect it – has been underscored in a report published by the government that found that the vast majority of businesses collect and use data of some kind.

Of the 4,500 companies surveyed, 81% said they handle digitised personal data, digitised non-personal data, or both, with the use of such information increasing 100% as businesses become larger. 

Around three quarters of businesses said they collect data from sources other than employees and, of those, 93% said the information comes from people volunteering information, for example if a new customer registers with them.

Non-personal data, such as sales or stock-level information, was also found to be common, with around half the survey’s respondents indicating that they generate that type of data.

Related content

• Cyber Week: what now for the UK’s data-protection regime?
• Users will have more control over personal data under new regulatory regime, minister pledges
• Minister: ‘Exact alignment to EU law is not a requirement for data adequacy’

The report, which was compiled on behalf of the government by market research company IFF Research, found that the use of data has become more prevalent in recent years and that most businesses have found using it to be beneficial.

“Around half the businesses that use digital data said that data had become more readily available in the last 10 years,” the report states. “We asked these particular businesses about the advantages this gave them and around half said that it had enabled them to innovate and perform new functions. An even larger proportion, around 60%, said that it had led to efficiency improvements.”

Any personal data collected, processed or used by businesses is subject to the requirements of the UK Data Protection Act of 2018, the enforce of which is overseen by the Information Commissioner’s Office. 

Since the data-protection regime was overhauled in 2018, the ICO has had the power to impose much bigger fines on organisations that breach the rules. Prior to the introduction of the new legislation, the biggest financial penalty available to the watchdog was a flat £500,000. 

The DPA provides for fines of up to £18m or 4% of the organisation in question’s global turnover – whichever figure is the larger. In 2020, the ICO hit British Airways and the Marriott hotel with respective penalties of £20m and £18.4m for failing to protect their customers’ data – and even these huge fines were a long way reduced from the originally proposed penalties of £183m and £99m. The reduction in the scale of the fines was attributed, in part, to the impact of the pandemic on the business of the two firms in question.