According to a new survey of small UK businesses, nearly 25% of them have still not started to prepare for the new European Union Data Protection Regulations, which are now less than a year away. This is despite the fact that the new regulations will dramatically change the way that businesses are required to handle data.
When it comes into force on May 25 2018, GDPR will dramatically change the concept of personal data, expanding its definition to include people’s IP addresses and online names, and will force organisations to gain explicit consent to use people’s data. The main aim of the new General Data Protection Regulations is to make it easier for European Union citizens to find out what data organisations hold on them, and to give them more details about how their data is handled and what it is being used for.
Other changes will include people having the right to port all of their data from one organisation to another and to know when their data has been compromised or hacked. People will also have a right to be forgotten, which will require an organisation to delete people’s personal data when asked. These changes are substantial and are being massively underestimated by the vast majority of small businesses and organisations.
The situation is more critical when one considers the fines that organisations face if they do not comply with the new European Union General Data Protection Regulations. Any organisation that suffers a data breach can face fines of up to €20 million or four per cent of its annual global turnover, whichever is more. This compares to the current maximum fine, which stands at just £500,000 in the United Kingdom.
The survey of 253 small businesses with fewer than 500 employees, conducted by NetApp, found that the major issue was a lack of understanding and awareness about the new regulations: just 7% of small businesses said that they fully understand the implications of the new regulations, and 14% admitted that they don’t even know what GDPR is.
Martin Warren of NetApp has said that these figures make worrying reading. “The risks of non-compliance for a smaller business could be catastrophic — by virtue of size, they are even more vulnerable to the hefty fines for non-compliance.”
This agrees with the results of another survey, released earlier this month by leading online security firm Sophos, which found that just 6% of UK businesses regarded compliance with GDPR as a priority. When shown the figures of the fines that they could face for non-compliance, one in five respondents said that such a fine would force them to close, and more than a third said that it would force them to make redundancies. Talking about their findings, Sophos’s John Shaw said:
“Getting ready for GDPR is a long process. If regulators demonstrate that they are prepared to impose the maximum fines in May 2018, then businesses will seriously regret not being prepared.”