Despite having been in place for over six months, the vast majority of small and medium sized enterprises (SMEs) remain deeply unaware of General Data Protection Regulation (GDPR), according to research by Hiscox.
The insurer found that 90% of SME owners are unaware of the new rights that GDPR gives consumers, while 39% have no idea who the law affects.
96% are also unaware of the maximum fine for breaching GDPR, which is particularly concerning given that it is a punishing £17m or 4% of annual global turnover.
Perhaps most significantly, Hiscox found that over half of SME owners are now less aware of what GDPR actually is than they were half a year ago.
As PPI dries up, SMEs GDPR risks could rise
Consumers are getting increasingly savvy about the use of their personal data, but other factors could also contribute to an increase in GDPR cases against SMEs.
Claims regarding payment protection insurance (PPI) have been a key focus of UK consumer rights over the past few years, however this is set to dry up within the year, GDPR could see a rise.
“I think we will only see this increase as awareness is raised amongst consumers of their additional rights, and I can also see a greater number of law firms looking to commence group litigation for individuals, especially as PPI claims dry up,” said Stephen Ridley, lead cyber underwriter for Hiscox.
“Going through the process and mitigating the potential for a data breach will always stand a company in good stead in the long run, as we’ve seen the damage to reputation that data breaches can have.
“Compliance with GDPR doesn’t mean that a company is guaranteed not to have a breach, but compliance will mean that the company is best positioned to respond in the event that the worst does happen, which is equally as important in protecting their reputation.”