Report finds two thirds of SMEs unprepared for GDPR
When software developer Reckon surveyed UK small business owners, nearly two thirds (62%) admitted to not understanding upcoming data protection legislation, GDPR, and seven percent admited to knowing nothing at all about what will shortly become British law. Only six percent of those surveyed said that they understood GDPR very well. The General Data Protection Regulation (GDPR) is a new set of pan-European regulations designed to strengthen and unify data protection across the continent.
Despite Britain leaving the European Union, these regulations are still set to become part of UK law in May 2018. GDPR is designed to provide clear and concise guidelines for sharing and using personal data.
Although action is required by all businesses in order to comply with these rules, just over a third of SMEs in the UK (39%) have taken any steps to prepare their business for its implementation.
Of those that have begun to prepare, only one in ten (12%) had investigated whether or not their business is affected by GDPR, seven percent had prepared or updated the business’ data security breach plan and just six percent had appointed a Data Protection Officer.
Mark Woolley, Commercial Director for Reckon Software’s Virtual Cabinet, said: “It’s slightly concerning to see that most SMEs here in the UK don’t understand GDPR and how it will affect their business, despite it becoming UK law in less than a year’s time. It’s especially worrying as so much of our business is now managed digitally, placing digital security at the forefront of what we do whether we realise it or not.
“Failure to comply with GDPR can result in fines or punishment. In extreme cases, businesses could see themselves facing a fine that equals between two and four percent of their global revenue – a sum of money no business wants to part with when simple steps could’ve meant that it didn’t need to happen.
“I’d urge SME decision makers to seek the necessary advice to ensure their business is ready, and wherever appropriate, check that the software they’re using makes complying with these rules easy to understand and simple to conduct.”
The top five recommended steps for any SME looking to comply with GDPR, include:
- Considering whether or not the business has new obligations as a data processor and reviewing privacy notices and policies to check they are GDPR compliant
- Preparing or updating the business’ data security breach plan
- Appointing a Data Protection Officer
- Auditing consents to check data is lawfully processed and setting up an accountability framework to monitor data security procedures
- Auditing international transfers to check the business has lawful basis to transfer data abroad.