Three-quarters of Britain’s small and medium-sized businesses are unprepared for the introduction of strict new EU data laws designed to protect people’s private information following a number of high profile data breaches, a merchant bank has warned.
According to a survey from Close Brothers, just one in four small and medium-sized enterprises (SMEs) in Britain have begun their compliance preparations ahead the new rules that come into effect next May, risking huge fines as a result.
Failure to be ready in time could see firms fined up to €20m (£17.6m) or 4 per cent of their annual global turnover in the worst cases, Close Brothers said.
The General Data Protection Regulation (GDPR) will introduce more stringent requirements around how firms maintain records of personal data, and will force companies to provide greater transparency to the public when breaches occur.
The research shows that just one in three SMEs are currently aware of GDPR’s implications.
“Some of the rules sound deceptively simple, but many firms will struggle to cope because they don’t even have a clear idea of what data they currently hold on customers, or where and how it is stored,” said David Thomson, chief executive of Close Brothers’ invoice finance and rentals division.
“Making an investment now in order to prepare and protect your business is essential if you do not want to risk incurring significant financial penalties – or the major reputational damage that a public breach of the new regulation would undoubtedly cause,” he added.
The number of fines handed out to firms for breaking UK data protection laws almost doubled last year.
According to figures from the UK’s Information Commissioner’s Office (ICO) analysed by professional services firm PwC, the number of fines for data protection breaches rose from 18 in 2015 to 35 in 2016 – amounting to £3.2m in total.
In October 2016, TalkTalk was fined a record £400,000 after a cyber-attack led to the personal details of 157,000 customers being stolen.
