Fifty-five per cent of UK small businesses are still not familiar with the General Data Protection Regulation (GDPR) despite its introduction being now less than a year away, says Collyer Bristow, the leading law firm.
Collyer Bristow’s survey further reveals that the knowledge of GDPR is higher in larger businesses. However, 30 per cent of executives at companies with over 1,000 employees say they are still not familiar with the General Data Projection Regulation (GDPR).
Collyer Bristow’s research also finds that 18 per cent of businesses said they would be at risk of going insolvent if they were forced to pay the new, higher maximum fines allowable. Under the GDPR, organisations that breach it will be subject to fines of up to €20 million or four per cent of worldwide turnover, whichever is higher. Previously, fines were set at a maximum of £500,000.
The new GDPR makes a significant tightening of data protection compliance regulation and comes into force on 25 May 2018. It harmonises data protection rules across the European Union and applies to all organisations collecting personal data.
Lack of knowledge of the GDPR across all businesses is still high, with more than a quarter (27 per cent) of senior decision-makers at all UK businesses not familiar with the upcoming changes.
The worst performing sectors include real estate and construction, where 35 per cent of senior decision-makers across all real estate businesses admit they are not familiar with General Data Protection Regulation (GDPR).
Further findings from the research reveal:
- 57 per cent of businesses’ senior management have little or no direct involvement with data protection
- 34 per cent of businesses have no plans to perform a data risk assessment in 2017
- 23 per cent of business have no data breach contingency plan in place
- 20 per cent of businesses have still taken not steps to prepare for the GDPR
Patrick Wheeler, partner and head of intellectual property and data protection at Collyer Bristow, comments, ‘Our Survey shows that a lot of businesses – particularly SMEs – in the UK still have a long way to go to be GDPR-compliant by May, and the clock is ticking. This is despite all the recent publicity.
‘It cannot be overstated just how far reaching a change the GDPR will be to the data protection landscape in the UK. It impacts any business that deals with personal data – no matter how small.
‘The potentially-enormous penalties mean that no business can afford to treat its data protection policies and procedures as a low priority.
‘With nearly one in five businesses saying they would be at risk of going insolvent if they had to pay the maximum penalty, data regulation compliance can potentially have wide reaching consequences for the whole firm.
‘The new regime comes at a time when data is becoming increasingly important to businesses. Owning and exploiting customer data is now a key part of a business’ competitive strength – meaning the GDPR really is raising the stakes.
‘The good news is that businesses still have time to get their data protection in order, so long as they act quickly. A business that starts working on this today can be a compliant business on day one of the GDPR.’