Report finds two thirds of SMEs unprepared for GDPR

10th July 2017
Posted By : Alice Matthews
When software developer Reckon surveyed UK small business owners, nearly two thirds (62%) admitted to not understanding upcoming data protection legislation, GDPR, and seven percent admitted to knowing nothing at all about what will shortly become British law. Only six percent of those surveyed said that they understood GDPR very well. The General Data Protection Regulation (GDPR) is a new set of pan-European regulations designed to strengthen and unify data protection across the continent.

Despite Britain leaving the European Union, these regulations are still set to become part of UK law in May 2018. GDPR is designed to provide clear and concise guidelines for sharing and using personal data.

Although all businesses are required to act in order to comply with these rules, only just over a third of SMEs in the UK (39%) have taken any steps to prepare their business for its implementation.

Of those that have begun to prepare, only one in ten (12%) had investigated whether or not their business is affected by GDPR, seven percent had prepared or updated the business’ data security breach plan and just six percent had appointed a Data Protection Officer.

Mark Woolley, Commercial Director for Reckon Software’s Virtual Cabinet, said: “It’s slightly concerning to see that most SMEs here in the UK don’t understand GDPR and how it will affect their business, despite it becoming UK law in less than a year’s time. It’s especially worrying as so much of our business is now managed digitally, placing digital security at the forefront of what we do whether we realise it or not.

“Failure to comply with GDPR can result in fines or punishment. In extreme cases, businesses could see themselves facing a fine that equals between two and four percent of their global revenue – a sum of money no business wants to part with when simple steps could’ve meant that it didn’t need to happen.

“I’d urge SME decision makers to seek the necessary advice to ensure their business is ready, and wherever appropriate, check that the software they’re using makes complying with these rules easy to understand and simple to conduct.”

The top five recommended steps for any SME looking to comply with GDPR include:

  1. Considering whether or not the business has new obligations as a data processor and reviewing privacy notices and policies to check they are GDPR compliant
  2. Preparing or updating the business’ data security breach plan
  3. Appointing a Data Protection Officer
  4. Auditing consents to check data is lawfully processed and setting up an accountability framework to monitor data security procedures
  5. Auditing international transfers to check the business has a lawful basis to transfer data abroad.
