GDPR, security, and you
Is your business ready for GDPR?
Nov 10th 2017
With regulatory change on the horizon, it pays for SMEs to be prepared for data protection and security issues.
Only 13% of SMEs feel ready for the new requirements of the General Data Protection Regulation (GDPR).
The regulatory change will impact businesses across the UK, EU and the world, placing even more responsibility upon firms that hold private data, as well as upping the fines that can be imposed in the event of a breach.
The shocking level of unpreparedness was revealed in a recent white paper from research firm IDC, The Road to the Digital Future of SMEs. 300 SMEs were approached for the survey, which concludes that more needs to be done ahead of GDPR’s implementation, not least because 21% of SMEs responded that GDPR wouldn’t apply to them.
Relevant to all
The paper says, “Security is relevant for all businesses, not just larger ones…It is interesting to point to the significant differences between larger SMEs and small SMEs, with only 13% feeling that they are ready for GDPR. A further 21% believe that GDPR does not apply to them…IDC believes that security will, and should, remain a key investment area for all companies, including SMEs, as the digital-centric nature of modern business grows – and attracts more people with criminal intentions.”
Taking security seriously
GDPR comes into effect in May 2018. In case of a breach, small businesses will face fines of up to £17.5m, and larger organisations will face penalties of up to 4% of annual turnover. While the white paper found SMEs don’t feel prepared, the improvement of cyber-security was revealed as a key priority for almost 100% of the 300 businesses that contributed to the study.
The white paper says, “Looking at technology adoption, we see that UK SMEs are starting to invest or are planning to invest in certain digital technologies, predominantly security (98%)…”
Training is the key
While GDPR will safeguard customer data, it is of course staff that will need to implement changes and ensure regulations are adhered to. The white paper picked up on what appears to be a lack of training in SMEs, something which will need to be addressed to ensure a seamless transition into GDPR.
The paper states, “…only half of the respondents felt staff are well trained for use of IT tools, even less so in smaller businesses (40%)…To IDC, the relatively low level of employee training is also indicative of under-investment in ICT: training should be part and parcel of any comprehensive digital strategy. This is especially the case in a world in which business intelligence and security are vital elements of the 24x7, borderless small enterprise of the future.”
With the prospect of fines of up to £17.5m, GDPR means all SMEs should develop a comprehensive security strategy to keep data safe and remain on the right side of the law. As the white paper states, “Speed, security and scalability will be essential to cope with growing business requirements and enable SMEs to stay nimble, flexible and close to the customer and market.”