More than a third of smaller organisations have not heard of the new legislation and are putting themselves at risk

Small charities are still widely unaware of incoming data protection laws.

With less than 100 days until the General Data Protection Regulation (GDPR) is introduced, a survey has shown that more than a third of small charities have not heard of the new regulations.

The legislation – which will come into force on 25 May – will strengthen the rules around personal data and requires organisations to be more accountable and transparent, with potentially harsher penalties for those who do not comply. It also gives people greater control over their own personal data.

The research – carried out by charity insurer Ecclesiastical – has revealed that 36% of charities with a turnover of less than £500,000 are unaware of the forthcoming changes. A quarter (24%) of mid-size charities are unaware of GDPR, however only 4% of organisations with a turnover higher than £1.5 million said they had not heard of the reforms.

David Britton, charity director at Ecclesiastical Insurance, said: "The lack of awareness about GDPR by smaller charities is worrying because it is precisely these organisations who are the least likely to be able to deal with the fall-out of a data breach; from paying the potential fine to resourcing the legal notification of those whose data has been breached and recovering from the long-term reputational damage.”

The findings reflect those from a similar survey carried out by the UK Government last month.

Secretary of state for digital, culture, media and sport Matt Hancock said that there is still time for organisations to take action.

He said: “We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data.

“And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our data protection bill.”