Despite having been in place for over six months, the vast majority of small and medium sized enterprises (SMEs) remain deeply unaware of General Data Protection Regulation (GDPR), according to research by Hiscox.

The insurer found that 90% of SME owners are unaware of the new rights that GDPR gives consumers, while 39% have no idea who the law affects.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

96% are also unaware of the maximum fine for breaching GDPR, which is particularly concerning given that it is a punishing £17m or 4% of annual global turnover.

Perhaps most significantly, Hiscox found that over half of SME owners are now less aware of what GDPR actually is than they were half a year ago.

As PPI dries up, SMEs GDPR risks could rise

Consumers are getting increasingly savvy about the use of their personal data, but other factors could also contribute to an increase in GDPR cases against SMEs.

Claims regarding payment protection insurance (PPI) have been a key focus of UK consumer rights over the past few years, however this is set to dry up within the year, GDPR could see a rise.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“I think we will only see this increase as awareness is raised amongst consumers of their additional rights, and I can also see a greater number of law firms looking to commence group litigation for individuals, especially as PPI claims dry up,” said Stephen Ridley, lead cyber underwriter for Hiscox.

“Going through the process and mitigating the potential for a data breach will always stand a company in good stead in the long run, as we’ve seen the damage to reputation that data breaches can have.

“Compliance with GDPR doesn’t mean that a company is guaranteed not to have a breach, but compliance will mean that the company is best positioned to respond in the event that the worst does happen, which is equally as important in protecting their reputation.”