With less than four months before the new General Data Protection Regulations (GDPR) come into force, researchers have found that the majority of small businesses (SMEs) are still not fully prepared for the changes which will affect them.
A quarterly survey conducted as part of the Close Brothers Business Barometer found that many of the 900 owners and senior managers questioned had concerns about GDPR compliance.
Less than a third (31 per cent) of SME respondents answered with a clear yes when asked: “are you clear what ‘personal data’ means in a business context?” By comparison, 50 per cent replied less confidently, saying “sort of”, whilst the remaining 19 per cent admitted that they had no idea.
On a more positive note, 73 per cent of SMEs categorically stated that they do not share customers’ personal data with third parties, although 8 per cent openly admitted that they shared customers’ details and a further 18 per cent were unsure whether or not they did so.
Less than half (48 per cent) of those surveyed claimed to fully understand the new and extended rights that customers will have once GDPR comes into force on 25 May 2018.
The new regulations, which are designed to improve the safety and security of all personal data held by organisations across Europe, will still be binding in the UK after Brexit. Any organisation which breaches the new rules could be ordered to pay fines of up to 4 per cent of its turnover.
In a nutshell, GDPR will mean:
- You need to obtain explicit consent for data to be held – i.e. ‘opt-in’ rather than ‘opt out’
- Records need to be kept up to date, must not contain personal information that is not strictly necessary and must not be stored for longer than is required for the specified purpose
- Data must be more securely processed to protect against cyber-attacks
- Customers now have a ‘right to be forgotten’ – meaning that you must remove their data permanently on request
- Any breaches must be reported promptly and without delay
The clock is ticking and many small businesses and professional practices alike are still not getting to grips with the imminent changes to data protection which will significantly affect them.
A potential breach could not only lead to a huge fine but also cause reputational damage to a business. It is important, therefore, to ensure that you and your clients are fully up to speed with the full implications of GDPR, well in advance of May 2018.
If you would like to share the importance of preparing for GDPR with your clients, we have produced a free guide which is available to download.
Our guide includes essential facts and must-knows, including:
- What you should be doing right now to prepare for GDPR
- The ICO checklist for consent
- The penalties, in depth
- How to report a data breach
- GDPR DOs and DON’Ts
We have also produced a myth-busting quiz which will separate fact from fiction and help explain the ramifications of the new regulations.