Survey finds majority of UK small businesses don’t have a clue about the implications GDPR could have for them
The proportion of small businesses that fully understand the effect GDPR will have on their business is as low as 4 percent, whilst 82 percent of companies have either not heard of GDPR or don’t understand its impact.
These are the findings from the latest quarterly survey of UK SME owners by Close Brothers, which said that businesses are underestimating the changes they will have to make to comply with GDPR law.
The GDPR framework was adopted last month, and businesses have two years to comply with the new data regulations or face strict punishment from data watchdogs.
“GDPR is one of the most significant and anticipated pieces of legislation conceived in the EU in recent years,” said Ian McVicar, managing director at Close Brothers Technology Services.
“It is intended to strengthen and unify data protection for individuals within the EU.”
The quarterly survey quizzed 850 SME owners across the UK and across several industries on a range of issues affecting their businesses.
The GDPR was approved earlier this year by the European Parliament in Strasbourg, and took four years to draw up. The framework essentially replaces 1995’s Data Protection Directive, which is no longer particularly suited to the age of cloud computing, big data, and social networking.
The GDPR is designed to give everyday citizens more power over their personal data, which includes the right to be forgotten.
Companies and businesses that do not comply by May 2018 will also face tough legal and financial penalties. To be exact, those not adhering to the new rules will face fines of up to 4 percent of their global revenue for the previous year, or £15 million, whichever is greater. This dwarfs the current penalty under the UK Data Protection Act of £500,000.
Companies and businesses will also have just 72 hours to notify data officials following a breach.
Ultimately, companies now have just two years to complete a fairly comprehensive checklist to ready themselves. This includes being able to clearly identify the personal data they hold, and making an inventory of all their processing and storage activities.
Lack of understanding
“What these results demonstrate is that there is a clear lack of understanding at all levels and across all sectors,” said McVicar.
“One of the headline figures that has been focused on is the penalty for non-compliance, which is up to 4 percent of annual revenue or €20 million, whichever is the higher.
“We would like businesses to think positively about GDPR and understand how it can benefit both them and their customers.”