New research shows less than 30% of UK businesses feel ready for new data protection regulations.

The European Union General Data Protection Regulation (GDPR) has given individuals more control over their personal data, and has toughened the requirement for companies to obtain legal consent to use that data.

Insurers must meet tougher quality requirements on legal consent to process personal data.

Customers can object to having their data used for insurance activities, unless the insurer has legitimate and compelling reasons.

Only 27.6% of UK businesses feel they are completely compliant with the GDPR, according to the QBE research. About 52% have “some” awareness of it and 12.2% have none. Only 29.2% are “completely” aware of the regulations.

About 28% of businesses say personal data use is critical to their business model. Only 12.3% have cyber insurance.

Businesses will have 72 hours to report data breaches to regulators under the new laws.

Failure will result in fines of up to €20 million ($30.98 million) or 4% of global annual turnover, whichever is greater.