According to recent research published in Shred-it's seventh yearly Security Tracker report, around 84% of smaller UK companies have no idea about the upcoming General Data Protection Regulation (GDPR) changes.
The survey was conducted across 1000 owners of small companies in the UK, and found that although 87% claimed that they had a basic understanding of their legal requirements in the industry, only around 14% were able to identify the fines associated with the new GDPR regulations (either 4% of turnover, or up to 20 million).
As the arrival of the GDPR brings strict new laws regarding the security of data that belongs to people across the European Union, companies that fail to understand its guidelines could be placing themselves at serious risk.
Worrying News for the UK
According to technology and compliance lawyer, Cordery, it's worrying to see that so many small business owners have no knowledge of GDPR. For small companies in particular, it's likely that GDPR will have a significant impact on the market. For instance, if we examine Subject Access Requests, or "SARs", these elements could take around 100 man-hours to complete without fee under GDPR.
It's also quite concerning that businesses aren't able to identify the potential fine that they could be hit with. It's part of the responsibility of management within organisations to understand the level of risk facing their company, and to take the right steps to avoid that risk. For many businesses, 4% of their turnover is a huge problem, and a fine of 20 million euros could cause some companies to go into bankruptcy.
The Problems Aren't Limited to Small Companies
Interestingly, the lack of understanding surrounding GDPR was not limited to smaller companies. Around 43% of senior executives for larger businesses that were polled also admitted that they were unaware of the upcoming regulation, with over two-thirds completely oblivious regarding the monetary punishments in question. What's more, among the respondents who claimed to be aware of the change in legislation, only around 40% of senior executives had taken any action to prepare for GDPR, though 60% believed that their company would need to make changes to their security policies.
As we come closer to the deadline for the new regulations, it's important for companies of all shapes and sizes to start taking a proactive approach to preparing for the upcoming GDPR. From implementing new staff training, reviews, and internal processing audits, to ensuring greater transparency around the use of personal information, businesses need to understand how the legislation will impact their companies.
Support for Businesses
Important parts of the government, such as the ICO (Information Commissioner's Office), will need to take steps to help businesses become GDPR ready. This might include helping them to understand the urgency and preparation required to start acting now. The risks of falling behind are too significant to ignore, and businesses that can't show an understanding of GDPR will risk losing essential customers if they can't handle data properly.