Hundreds of thousands of small businesses have no clue that there are new rules governing data coming into force within months, new figures reveal,
Two in five small and medium-sized firms in London have not heard of the General Data Protection Regulations (GDPR), EU-wide rules which will be adopted by the UK after Brexit and which will leave them at risk of heavy penalties if they fail to comply.
The bosses of 420,000 businesses in the capital are not aware that they will have to report data breaches and give customers the right to be forgotten, among other regulations, according to a survey of small businesses by challenger bank Aldermore.
But nearly two-thirds of the businesses surveyed said they had suffered a breach of information, meaning many are leaving themselves open to fines. And just seven per cent of firms said they fully understood what GDPR means for their business.
“The GDPR is the biggest shake-up in data protection to date and the results are worrying when looking at the amount of businesses that are unaware of the impact it will have on them," said Aldermore's business finance group managing director Carl D'Ammassa.
"Data privacy, the appropriate use of customer information and breach notifications all need to be taken incredibly seriously. This is made especially apparent when one considers the increased sanctions businesses face if they don’t keep to the new regulations, including regular data protection audits, and fines of up to ￡20m or four per cent of their annual turnover for the most serious violations."
The survey of more than 1,000 senior executives found more than half are fearful of cyber crime and two in five bosses are concerned about the financial impact of an attack. Despite this, only a third said that protecting themselves from cyber crime as a high priority. Nearly a quarter said they just couldn't find the time, but realised it was important, while one in ten said they couldn't afford to make sure their business was secure.
"The danger of cyber attacks for all businesses, not just SMEs, is an ever present one and is something that is likely to increase as economic activity moves to the digital world," said D'Ammassa.
"With these attacks having a significant financial and reputational impact on a business, it is crucial all small and medium businesses take adequate time to analyse and protect themselves against this threat."