1. Business
  2. Tech in business
February 7, 2019updated 08 Feb 2019 10:13am

SMEs remain largely clueless about GDPR – and the impact could be devastating

By Lucy Ingham

Despite having been in place for over six months, the vast majority of small and medium sized enterprises (SMEs) remain deeply unaware of General Data Protection Regulation (GDPR), according to research by Hiscox.

The insurer found that 90% of SME owners are unaware of the new rights that GDPR gives consumers, while 39% have no idea who the law affects.

96% are also unaware of the maximum fine for breaching GDPR, which is particularly concerning given that it is a punishing £17m or 4% of annual global turnover.

Perhaps most significantly, Hiscox found that over half of SME owners are now less aware of what GDPR actually is than they were half a year ago.

As PPI dries up, SMEs GDPR risks could rise

Consumers are getting increasingly savvy about the use of their personal data, but other factors could also contribute to an increase in GDPR cases against SMEs.

Claims regarding payment protection insurance (PPI) have been a key focus of UK consumer rights over the past few years, however this is set to dry up within the year, GDPR could see a rise.

“I think we will only see this increase as awareness is raised amongst consumers of their additional rights, and I can also see a greater number of law firms looking to commence group litigation for individuals, especially as PPI claims dry up,” said Stephen Ridley, lead cyber underwriter for Hiscox.

“Going through the process and mitigating the potential for a data breach will always stand a company in good stead in the long run, as we’ve seen the damage to reputation that data breaches can have.

“Compliance with GDPR doesn’t mean that a company is guaranteed not to have a breach, but compliance will mean that the company is best positioned to respond in the event that the worst does happen, which is equally as important in protecting their reputation.”

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.