In recent research revealed by “Shred-it’s” seventh yearly Security Tracker report, around 84% of smaller UK companies have no idea about the upcoming General Data Protection Regulation changes, or GDPR.
The survey was conducted across 1000 owners of small companies in the UK, and found that although 87% claimed that they had a basic understanding of their legal requirements in the industry, only around 14% were able to identify the fines associated with the new GDPR regulations (either 4% of turnover, or up to 20 million).
As the appearance of the GDPR delivers strict new laws regarding the security of data that belongs to people across the European Union, companies that fail to understand it’s guidelines could be placing themselves at serious risk.
Worrying News for the UK
According to technology and compliance lawyer, Cordery, it’s worrying to see that so many small business owners have no knowledge of GDPR. For small companies in particular, it’s likely that GDPR will have a significant impact on the market. For instance, if we examine Subject Access Requests, or “SARs”, these elements could take around 100 man-hours to complete without fee under GDPR.
It’s also quite concerning that businesses aren’t able to identify the potential fine that they could be hit with. It’s part of the responsibility of management within organisations to understand the level of risk facing their company, and take the right steps to avoid that risk. For many businesses, 4% of their turnover is a huge problem, and a fine of 20 million in euros could cause some companies to go into bankruptcy.
The Problems Aren’t Limited to Small Companies
Interestingly, the lack of understanding surrounding GDPR was not limited to smaller companies. Around 43% of senior executives for larger businesses that were polled also admitted that they were unaware of the upcoming regulation, with over two-thirds completely oblivious regarding the monetary punishments in question. What’s more, in the respondents who claimed to be aware of the change in legislation, only around 40% of senior executives had taken any action to prepare for GDPR, though 60% believed that their company would need to make changes to their security policies.
As we come closer to the deadline for the new regulations, it’s important for companies of all shapes and sizes to start making a proactive approach in preparing for the upcoming GDPR. From implementing new staff training, reviews, and internal processing audits, to ensuring greater transparency around the use of personal information, businesses need to understand how the legislation will impact their companies.
Support for Businesses
Important aspects of the government, such as the ICO, or (Information Commissioner’s Office), will need to take steps to help businesses become GDPR ready. This might include helping them to understand the urgency and preparation required to start acting now. The risks of falling behind are too significant to ignore, and Businesses that can’t show an understanding of GDPR will risk losing essential customers if they can’t handle data properly.
