Businesses have been warned they need to be prepared for strict new privacy laws which could see them fined 4% of global turnover for non-compliance.
Just as criminal and activist hackers could penetrate firms and cause data breaches, so companies could breach data laws themselves in search of profits.
Fewer than half of all businesses and charities in the UK are aware of the new EU rules which come into force on 25 May, according to new research.
The Department for Digital, Culture, Media, and Sport (DCMS) is introducing a new Data Protection Bill to fill the role of the EU's General Data Protection Regulation (GDPR) after Brexit.
Speaking from Davos, the Digital Secretary, Matt Hancock, said: "We are strengthening the UK's data protection laws to make them fit for the digital age by giving people more control over their own data.
"And as these figures show, many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.
"There is a wealth of free help and guidance available from the Information Commissioner's Office and the National Cyber Security Centre, and I encourage all those affected to take it up."
British technology firms attract the most investment in Europe, and the Government has stated it wants to capitalise on interest in developing artificial intelligence (AI) technology – and some of the areas of AI attracting the most investment involve handling a lot of personal data.
Companies and regulators are agreed that a strong regulatory framework is needed to protect consumers and citizens from disruptive technological developments.
Data protection is regulated in the UK by the Information Commissioner's Office (ICO) and the commissioner, Elizabeth Denham.
Ms Denham said: "Data protection law reforms put consumers and citizens first. People will have greater control over how their data is used and organisations will have to be transparent and account for their actions.
"This is a step change in the law; businesses, public bodies and charities need to take steps now to ensure they are ready."
The ICO has stressed that "there will be no 'grace' period" for compliance, adding: "there has been two years to prepare and we will be regulating from this date".
"But we pride ourselves on being a fair and proportionate regulator and this will continue under the GDPR.
"Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action."