Less than half of charities have heard of the General Data Protection Regulation even though it is due to come into force later this year, according to new research published by the Department for Digital, Culture, Media & Sport.
The GDPR is a new, stringent data-protection law introduced by the European Union that is being passed into British law as the Data Protection Bill.
But the research, which was commissioned by the DCMS and carried out by the polling firm Ipsos MORI and the University of Portsmouth, found that only 44 per cent of the 569 charities surveyed said they had heard of the legislation.
Even among the largest charities – those with 250 employees or more – only three-quarters of the charities surveyed said they were aware of the GDPR.
This fell to 37 per cent among micro-charities of between two and nine employees, and about half of small and medium-sized charities.
The research found that only 13 per cent of charities with incomes of £10,000 a year or less had made changes ahead of the GDPR’s introduction, compared with 66 per cent of charities with incomes of more than £5m.
The research also found that only 36 per cent of charities had changed or created new policies and procedures to prepare for the introduction of the GDPR.
The GDPR is due to come into force on 25 May, and organisations could face fines of up to 4 per cent of their global turnover if they breach the new regulations.
Only 10 per cent of the charities surveyed said additional staff training or communications about the GDPR had taken place, and only 12 per cent had updated anti-virus software as a result.
Matt Hancock, the culture secretary, said: "We are strengthening the UK’s data-protection laws to make them fit for the digital age by giving people more control over their own data.
"And as these figures show, many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.
"There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up."
Earlier this month, the ICO published a GDPR guide for charities, which gives advice on 12 areas related to the new data-protection rules.