Nearly half of 1200 organisations polled believe UK data protection laws are too relaxed and need revision.
For example, 87% of respondents to the survey – by IT security firm Sophos – said organisations should be forced to disclose when sensitive data is exposed.
At present, UK organisations are not required by law to disclose data breaches, but are merely encouraged to do so by the Information Commissioner's Office.
All businesses with concerns about current UK legislation should offer their views to government, said Ciaran Rafferty, vice-president of Sophos UK & Ireland.
The government is holding a public consultation on data protection legislation until 6 October and is seeking feedback on how laws can be improved.
Asked whether data protection legislation prevented the effective running of an organisation, 36% of the survey respondents said they were concerned about the burden of extra complexity and 30% were worried about extra costs.
Although 37% were confident their organisation complied with data protection legislation, 34% said they were concerned that it did not comply.
A further 15% said they were not sure whether their organisation complied with data protection legislation but they were not concerned, and 14% said they did not know.
Rafferty said this meant more than half of organisations were either concerned or unsure about whether they complied with legislation.
Awareness of the importance of data protection appears to be improving, with 20% saying their users were very aware and 41% saying they were mostly aware, but 34% still said users were mostly unaware.
"This survey underlines the need to educate, advise and then provide practical security solutions", said Rafferty.
In April, Sophos teamed up with law firm Field Fisher Waterhouse to help educate companies on current legislation and advise them on how best to comply.
Stewart Room, partner at Field Fisher Waterhouse, said, "Working with IT security experts at Sophos, we are advising companies on how to avoid data breach incidents, as well as help them deal with the aftermath and potential consequences."
This story was first published by Computer Weekly