Small firms express data protection regulation concerns

The implementation date for new General Data Protection Regulation is just months away yet new research suggests many small firms lack awareness over how it will work.

According to PORT.im, only 27% of business leaders believe GDPR applies to them, while 7% have failed to get adequate consent when collecting customer data.

Of those who believed the new regulations would not apply to them, nearly three quarters revealed they collected personal data, meaning that the rules would in fact apply.

Also of concern, was that 55% of owners were unaware of GDPR, which echoes other studies which have consistently shown a low level of awareness.

Just 35% of firms have consent records relating to consumer data while 19% revealed they had asked for permission but have not kept data on file.

A third of businesses said they believed they did not require consent to collect and store data, meaning they could fall foul of the regulations when they are introduced.

Firms need to take notice of their responsibilities, as a failure to comply with GDPR could see companies fined 20 million or 4% of their annual turnover, whichever is higher.

In the long term that could severely damage the business's reputation, while also resulting in a loss of business.

Firms may also be placed under severe financial pressure and may even be forced into insolvency if they are unable to recover.

Recognising potential areas of risk is therefore essential, which is why firms may opt to undertake independent business reviews in order to ensure a financial stable future.

Those behind the latest survey have expressed concerns that a similar proportion of firms remain unaware of GDPR, despite widespread coverage.

As a result, Britain's small firms have been urged to consider their responsibilities, with PORT.im CEO Julian Saunders warming businesses to 'get smart fast'.

He added that being both ethical and responsible when handling data is key to ensuring consumer trust and preventing brand damage.

When GDPR comes into force in May this year, customers must be able to request, amend and delete any personal data that a business has, should the consumer request it. The collection of data will also require explicit consent.

By Phil Smith

 

If you would like to have a free no obligation chat with one of our advisers please call us on 0207 186 1144.

View all Business Insights