GRC Solutions has published its GDPR Benchmark Report 2025, analysing GDPR gap-assessment data from more than 60 organisations across eight sectors. The findings reveal significant and persistent weaknesses in UK GDPR compliance, particularly in privacy by design and core data handling controls, despite the Regulation entering its eighth year of enforcement.
The report evaluates performance across nine GDPR control areas. These include governance, risk management, information management system (ISMS) maturity, privacy by design, defined roles and responsibilities, personal information management system (PIMS) implementation and data subject rights. Scores show that many organisations remain at a “limited” or “developing” level of assurance, with sector-specific challenges driving uneven levels of maturity.
“Due diligence on third parties is often lacking which means organisations have limited assurance that any personal data accessed by those partners...