Thousands of small business owners unaware of impending data protection rules

New figures suggest hundreds of thousands of small businesses are unaware of the new rules governing data protection that are due to come into force in the coming months.

According to data from challenger bank, Aldermore, 40% of small and medium-sized businesses in London (420,000) have not heard of the General Data Protection Regulations (GDPR), which are rules to be adopted EU-wide – including the UK even after it leaves the European Union.

Subsequently, businesses’ failure to comply with the new regulations will be at risk of heavy and potentially damaging financial penalties.

The GDPR will require businesses to report any breaches of sensitive data and give their customers the right to be forgotten i.e. removed from their records and databases, among other regulations.

Almost two-thirds of business owners surveyed admitted to experiencing some form of data breach, resulting in many of these firms being open to fines for failing to report the breaches. Only 7% of businesses surveyed were fully clued-up on GDPR and its implications for their businesses.

Carl D’Ammassa, business finance group managing director, Aldermore, said: “The GDPR is the biggest shake-up in data protection to date and the results are worrying when looking at the amount of businesses that are unaware of the impact it will have on them.

“Data privacy, the appropriate use of customer information and breach notifications all need to be taken incredibly seriously.

“This is made especially apparent when one considers the increased sanctions businesses face if they don’t keep to the new regulations, including regular data protection audits, and fines of up to £20m or 4% of their annual turnover for the most serious validations.”

Aldermore’s survey of senior executives also found that the majority fear their business being affected by cyber-crime. Despite this, only a third said that protecting themselves from cyber-crime was a high priority. Almost a quarter admitted to not having enough time to implement the necessary protective measures and a further one-in-ten said they didn’t have the budget to ensure their business was safeguarded from potential attacks.

Last updated: 25th September 2017