A new study suggests that small and medium-sized enterprises (SMEs) are still confused about the upcoming General Data Protection Regulation (GDPR).
The GDPR will become law for all European Union (EU) member states – including the UK – from May 2018.
The new legislation will effectively replace the existing UK Data Protection Act, and will have far-reaching implications for businesses in terms of the ways in which they collect, use and store data.
It will also bring with it new and extended rights for individuals.
Despite this, a new survey of more than 900 UK SMEs suggests that many are not sure what ‘personal data’ or ‘extended rights’ actually mean under the GDPR.
In fact, 19 per cent of SMEs told the survey – which was carried out by Close Brothers – that they did not clearly understand the concept of ‘personal data’, while a further 50 per cent said that they only ‘sort of’ understood it.
Similarly, fewer than half (48 per cent) of SMEs said that they clearly understood the new and extended rights that the GDPR will bring for individuals.
The worrying results of the survey highlight the importance of SMEs seeking specialist advice to ensure that they are prepared for the GDPR and fully compliant by May 2018.
This is particularly important, as penalties for non-compliance with the GDPR are frighteningly high – and firms can potentially be fined up to four per cent of their global turnover or €20 million (£17.7 million), whichever is higher, for serious data breaches.