UK SMEs lack awareness about risks posed by GDPR

UK SMEs lack awareness about risks posed by GDPR

New research suggests that owners and directors of SMEs based in the UK are less likely to identify risks that could impact their business than small company owners in Germany and France. And the lack of awareness is greatest over the risks posed to small businesses by the EU GDPR.

The research, collected from 1,000 SMEs in the UK, France and Germany for the Gowling WLG Digital Risk Calculator, reveals an over-optimistic picture amongst UK business owners compared to their European counterparts.

Across the board, the UK business owners consistently self-identified up to 25% fewer risks for each risk area. The risks covered by the calculator include:

  • External cyber attack
  • Loss of valuable or sensitive data
  • Regulatory issues
  • Identity theft/cloning
  • Data mishandling

The survey revealed that external cyber security risks were the top concern amongst all businesses, with 69% of respondents worried about this and 51% believing that the risk will increase over the next three years.

But the second highest category of risk was identified as data protection, according to 55% of survey respondents. And only 14% of UK businesses were aware of the fines they may face for failing to handle and protect their personal data properly. This compared with 26% of SMEs in Germany and 45% in France who were aware of the maximum fines that could be imposed.

Those SMEs who have not planned to properly comply with the data handling principles of the GDPR and the consequences of data breaches are risking their business. The threat is that serious. That is why Crises Control has launched its regulatory compliance solution to help small businesses avoid GDPR compliance issues through its incident reporting and recording functionality.

The solution ensures that SMEs can notify their staff, customers or the regulators of a data protection incident quickly and reliably. And it also requires recipients to acknowledge delivery of the message and the accompanying documents, so creating an audit trail should this be needed at a later date.

The flexible Crises Control tool also provides an automated system for incident planning, management and review, including incident simulations and real-time incident communications. The automatically generated incident audit trail provides for full accountability post-incident, as well as response tracking during the incident itself.

If you worried about GDPR and data protection breaches our latest white paper “Keep your business safe from regulatory fines” offers advice on how an incident notification solution can help you to avoid fines and other sanctions from regulators following an information security breach. Download the white paper.