vectorfusionart - stock.adobe.co
SMEs more worried about GDPR’s threat to reputation than fines
SMEs are more worried about the damage GDPR non compliance will do to their reputations than their wallets
Despite potentially huge fines for non-compliance with the EU’s General Data Protection Regulation (GDPR), SMEs are more worried about the damage failure to comply will do to their reputations.
GDPR comes into force in the EU on 25 May. Organisations that fail to comply with the GDPR could be hit with fines of up to 4% of their annual revenue or €20m.
But according to a survey of 150 UK SMEs from CRM systems integrator SeeLogic, over half (53%) consider reputation damage as their biggest concern in relation to GDPR.
Only 17% said large fines was the biggest fear.
The survey also asked SMEs about the stage of GDPR compliance they were at. It found only 53% had a GDPR compliance plan in place, 36% said one is still being developed, and 11% had none.
It revealed a lack of awareness of where data is stored internally and across third party suppliers, and, while 23% know where all data resides, over half of respondents don’t.
A total of 71% only have partial awareness of where their data resides across third party suppliers and 6% have a total lack of awareness of where it’s located.
Read more about the GDPR
- How to be prepared for GDPR by 25 May.
- Almost a quarter of London businesses unaware of GDPR.
- Two-thirds of startups ill-prepared for GDPR.
- Why GDPR is great for SMEs.
Over a quarter (27%) could not correctly answer questions about the time-frame they have before informing authorities about a data breach.
“Our research across UK organisations indicates there’s still much work to do – in terms GDPR planning, data discovery and training dedicated staff, so they’re equipped to deal with the requirements of this complex compliance,” said Eddie Harford, managing director at SeeLogic.
What is GDPR?
GDPR replaces the EU Data Protection Directive of 1995. The new directive focuses on keeping businesses more transparent and expanding the privacy rights of data subjects. When a serious data breach has been detected, the company is required by the General Data Protection Regulation to notify all affected people and the supervising authority within 72 hours.
Mandates in the General Data Protection Regulation apply to all data produced by EU citizens, whether or not the company collecting the data in question is located in the EU, as well as all people whose data is stored in the EU, whether or not they are actually EU citizens.
According to a survey carried out by the Federation of Small Business (FSB) in February 2018, only 8% said their GDPR preparations were complete, 35% said preparations are only in the early stages and 33% said they had not yet started.
In light of this, the FSB has launched a GDPR awareness raising campaign called BeDataReady, aimed at helping 5.7 million small businesses.