Nearly half of British small and medium business owners have never heard of the incoming EU General Data Protection Regulation (GDPR), according to Aldermore’s Future Attitudes survey.
The data also revealed that only one in ten enterprises had taken steps to fully comply with the new rules that will apply from May 2018, with the rest saying they did not understand requirements or needed further guidance.
55% also said they were not concerned by the impact from possible cybercrime. This was despite the fact that two-thirds of the survey’s enterprises experienced cyberattacks at some point in their lifetime.
Carl D’Ammassa, Aldermore’s group managing director for Business Finance, called the results “worrying”.
“Data privacy, the appropriate use of customer information and breach notifications all need to be taken incredibly seriously. This is made especially apparent when one considers the increased sanctions businesses face if they don’t keep to the new regulations,” he said.
He added: “The danger of cyber-attacks for all businesses, not just SMEs, is an ever-present one and is something that is likely to increase as economic activity moves to the digital world. With these attacks having a significant financial and reputational impact on a business, it is crucial all SMEs take adequate time to analyse and protect themselves against this threat.”
The GDPR comes into effect next May, and businesses from across the globe will have to comply with its practices if they want to offer goods and services in Europe. Personal data will have to be stored in a format that’s transferable and erasable if the customer so wishes.
Most importantly, businesses will have to appoint a dedicated data protection officer, and notify customers of any data breach within 72 hours.
Fines for not complying are hefty: businesses will have to pay 4% of their annual turnover or €20m (£18m), whichever is greater.
Only half of business owners interviewed by Aldermore said they have policies in place to deal with data breaches, though not necessarily ones that comply with the GDPR. More than one in ten outright stated they could not afford to adequately protect their data.