How much do SMEs really know about GDPR?

Business Insight
20/02/2019

In the months leading up to the enforcement of the EU’s new General Data Protection Regulation (GDPR) in May 2018, it was hard to go a day without details of the momentous amendment appearing in the press. There was (and still is) an abundance of information regarding the updated rules at our fingertips. But just how much were we all paying attention? And are SMEs aware of how GDPR could impact their business?


The new rules affect every company that handles personal data, so it’s surprising how many business owners still lack the essential knowledge about the consequences of a GDPR breach. Could it be possible that the ‘over-distribution’ of GDPR-related materials has added to the confusion?


GDPR is among the top 3 “most irritating things online” of 2018


A recent study by business insurer Hiscox found that GDPR is still a mystery among a lot of SMEs. In fact, the businesses stated that constant communication regarding GDPR was one of the top three things they found most irritating last year, alongside constant PPI phone calls and website cookie pop-ups. This suggests that the effort put in to share knowledge and guidance in advance of the regulations being activated might’ve had the opposite effect.


Many SMEs still aren’t fully compliant with GDPR


Despite the constant publicity and plenitude of information available, the study unearthed that lots of SMEs were unprepared for or didn’t fully understand the changes in regulations. For example, 96% of SME owners don’t know what the maximum fine is for breaching GDPR. Even more surprisingly, over half of those surveyed are less aware of what GDPR means now compared to when it first came into force in May. These are worrying statistics, considering the crippling consequences a data breach could bring a business.


Public awareness is on the rise


Though the survey suggests GDPR wasn’t the number one priority for many businesses in 2018, communications surrounding the introduction of the new rules have made the public more aware of their rights. Consumers are more conscious of how valuable their personal data is, and it’s been predicted that there will be an uptick in public action if consumers feel their data is being mishandled.


It can help to maintain trust from consumers


GDPR is intended to give consumers two main benefits. It will not only lead to personal information being more secure, but we should see fewer instances where data breaches aren’t widely admitted to. This means if a breach occurs, consumers must be notified quickly, which allows them to take action to secure their information, such as changing passwords, at an earlier stage.


The other main consumer benefit is the right to data portability. This means the right to have any personal data stored on them by a company ‘returned’ in a format that can be easily passed on, even to a competitor of that company. This means consumers will be able to get better deals from a number of suppliers with greater ease, although this part of the regulations has, for now, taken a backseat to the data security elements.


It’s not too late to comply


If your business isn’t fully compliant with GDPR, it’s not too late to implement new rules and procedures to ensure you’re adhering to the law.


Here are a few key facts you need to know:


  • Businesses must be absolutely clear about what personal data they are collecting and how it will be used.
  • Businesses must also obtain clear consent from consumers to use the data they collect.
  • Consumers must be presented with a clear option to opt out of their data being collected or to withdraw permission for their data that might have previously been granted.
  • If a business breaches GDPR it can be fined up to 4% of the company’s global turnover or €20 million (£17.85 million), whichever is greater.


Not complying with GDPR can have a devastating impact on a small business, so it’s critical that you make sure everything is done to comply with the new rules. With so many resources readily available, there’s no excuse to put it on the back burner.


Author bio: Stephen is a Lead Cyber Underwriter for Hiscox, with more than 8 years of experience specialising in cyber and data risks insurance from both a broking and underwriting perspective. He is widely regarded as a thought leader in the field, sits on the ABI Cyber Committee, regularly speaks at industry events and is frequently featured in both trade and national press. Outside of work, Stephen is a keen triathlete and, as part of the Great Britain Age Group Squad, won bronze at the European Middle-Distance Championships in 2017.