Half of UK’s small firms not ready for GDPR

Wednesday, 28 February, 2018

According to the latest government survey, more than half of small companies are still not ready for the imminent arrival of the GDPR, the European Union’s General Data Protection Regulations.

What’s more, only 38% of small businesses had actually heard of the GDPR.

The survey found that awareness of GDPR improves among bigger firms, with 66% of medium-sized and 80% of the UK’s biggest businesses claiming they were aware of the regulations.

The same was true of companies that had actually made changes in anticipation of the upcoming regulations.

No opting out of GDPR

The new regulations will come into force on 25 May 2018 and will replace the UK’s current Data Protection Act 1998.

Compliance with the GDPR is not optional and it is not simply a question of ticking boxes.

The regulations demand that companies are able to demonstrate compliance with rigorous data protection principles.

This includes taking a risk-based approach to data protection and ensuring that the appropriate policies and procedures are in place. It also means addressing transparency and accountability, and ensuring that individuals’ rights are maintained.

All in all, companies, public bodies and charities must demonstrate they are building a workplace culture of data privacy and security.

And any UK organisation handling personal data, and that’s pretty much all of them, will need to comply with the GDPR regardless of Brexit.

Companies that fall foul of the regulations will face stiff fines upwards of £17 million or the equivalent of 4% of their global turnover.

Businesses, public bodies and charities need to take steps now to ensure they are ready.

Organisations that thrive under the new rules will be those that commit to the spirit of data protection and embed it in their policies, processes and people.

- Elizabeth Denham, Commissioner, Information Commissioner’s Office

Among larger firms, some 55% had taken proactive actions. The most common of these were creating or changing policies on cybersecurity, increasing staff training and deploying new systems, including updating anti-virus software.

The survey is just one of a number of studies detailing the UK’s preparations, or lack of them, for the introduction of the GDPR.

Another government-backed survey found that the finance and insurance sectors had the highest awareness of the GDPR, while the construction industry had the lowest, with only one-in-four firms aware of the imminent regulations.

Meanwhile, Facebook Chief Operations Officer Sheryl Sandberg, speaking at an event in Brussels this week, said that the company would launch “educational tools” that, she said, would help comply.

And in a bid to conform with the new transparency regulations, she announced that Facebook would establish a “privacy centre” for all users, which puts “core privacy settings” in one place.

Tim Bamford


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.