Latest research suggests that almost half of UK organisations have been reported to the Information Commissioners Office (ICO) over a breach, since the General Data Protection Regulation (GDPR) came into force two years ago. Findings in a new report from, Apricorn “claims a quarter of IT decision-makers reported their own organisations, while a fifth were reported by a third-party.” 
The above suggests that GDPR is highlighting data protection failings and in turn, having a positive impact upon businesses given how serious they are now taking the breaches. On the other hand, it could be that businesses are taking precautions in order to prevent any serious ramifications in the long run as suggested by, Jon Fielding, Managing Director EMEA, Apricorn.
A number of businesses have been “questioned on whether they had seen an increase in the implementation of encryption in their organisation since GDPR was enforced. Nearly four in ten (39%) have noticed an increase, and their organisation now requires all data to be encrypted as standard, whether it’s at rest or in transit.” Given the high volume of staff working from home, in light of the current situation surrounding Covid-19, more so than ever this is essential.
David Emm, Principal Security Researcher at Kaspersky stated, “Education is crucial in ensuring consumer data is securely protected, and to ward off costly cyberattacks.”  This suggests that businesses must continue and do more in order to ensure the above is achieved. Prevention is better than cure in these circumstances; the costs of training is much less than that of an attack.
Overall, GDPR is definitely having some impact on businesses, but they still need to enforce and update policies going forward. Along with this, they need to train staff adequately to reduce risk and prevent the loss of trust and more importantly, personal data.