More than a third of British businesses admit they are still not GDPR compliant.

After a spring and summer where customers were bombarded with emails telling them about the changes, a survey of more than a thousand firms by, said 37 per cent confess they are still not following the General Data Protection Regulation (GDPR).

When asked, 35 per cent said they are still sending marketing emails without the express consent of everyone on their email lists.

And 31 per cent said they still have the data of those who haven’t agreed to opt in to having their data stored.More than one in four, 27 per cent revealed that they haven’t secured that data in case of a ransomware attack and a further 22% who say they have a longer process for those choosing to opt out from receiving information.

Gareth Hoyle, managing director at said: “The research shows there are many ways that businesses are admitting to not following the newly enforced GDPR regulations. GDPR is the most fundamental change to ever happen to data privacy, so it is imperative that businesses follow this and complete the process as soon as possible.

“They need to understand that acting responsibly and ethically with customer data is crucial to protect and enhance brand reputation and ensure customer trust. Not only this, but it will enhance the quality of data collected which is a good thing for UK businesses.”

Surprisingly, 17% admitted they are still unsure as to what the benefits of being GDPR compliant are.

According to the survey, those working in technology were revealed as the worst culprits when it comes to GDPR compliance with 42%, followed by those within the retail sector (26%).