With less than five months before the new General Data Protection Regulations (GDPR) come into force, researchers have found that the majority of small businesses (SMEs) are still not fully prepared for the changes which will affect them.
A quarterly survey conducted as part of the Close Brothers Business Barometer found that of the 900 owners and senior managers questioned, many had concerns about GDPR compliance.
Less than a third of the SMEs surveyed (31 per cent) answered with a clear yes when asked: “are you clear what ‘personal data’ means in a business context?” By comparison, 50 per cent replied less confidently, saying “sort of”, whilst the remaining 19 per cent admitted that they had no idea.
On a more positive note, 73 per cent of SMEs categorically stated that they do not share customers’ personal data with third parties, although 8 per cent openly admitted that they shared customers’ details and a further 18 per cent were unsure whether or not they did so.
Less than half (48 per cent) of those surveyed claimed to fully understand the new and extended rights that customers will have once GDPR comes into force in May 2018.
The new regulations, which are designed to improve the safety and security of all personal data held by organisations across Europe, will still be binding in the UK after Brexit. Any organisation which breaches the new rules could be ordered to pay fines of up to 4 per cent of its turnover.
In a nutshell, GDPR will mean:
- You need to obtain explicit consent for data to be held – i.e. ‘opt-in’ rather than ‘opt-out’
- Records need to be kept up to date, must not contain personal information that is not strictly necessary and must not be stored for longer than is required for the specified purpose
- Data must be more securely processed to protect against cyber-attacks
- Customers now have a ‘right to be forgotten’ – meaning that you must remove their data permanently on request
- Any breaches must be reported promptly and without delay
Matthew Johnson, an Associate Solicitor who specialises in commercial law, said: “The clock is ticking and many small businesses are still not getting to grips with the imminent changes to data protection which will significantly affect them.
“A potential breach could not only lead to a huge fine but also cause reputational damage to a business. It is important, therefore, to ensure that you are fully up to speed with the full implications of GDPR, well in advance of May 2018.”
For help and advice on the implications of GDPR and how your organisation can be fully prepared for the new legislation, please contact us.