Small businesses could fail to meet EU data protection rules
The majority of SMEs in the UK are failing to prioritise online security despite impending EU legislation that could still apply to British businesses.
The EU’s General Data Protection Regulation (GDPR) was adopted in April 2016 and is scheduled to come into force within two years.
The UK has of course voted to leave the EU but, while the timetable for Brexit is still to be finalised, GDPR could still have a bearing on UK businesses.
The Information Commissioner’s Office (ICO) has confirmed that if the UK wants to trade with the single market on equal terms, it would have to prove ‘adequacy’. This would mean that UK data protection standards would have to be at least equivalent to the new EU legislation.
GDPR is intended to strengthen and standardise data protection for individuals throughout the EU, and failure to comply could lead to stiff penalties, which include fines of up to 4% of annual revenue or €20 million (c. £17.1 million), whichever is higher.
It’s not known whether UK businesses would face the same penalties under a separate UK framework but it’s likely that substantial penalties would be part of any package claiming equivalency to the EU rules.
These penalties could easily push many businesses towards insolvency even without factoring in the operational and reputational costs of a data breach to the business.
Despite this, nearly two thirds (63%) of SMEs have made the decision not to invest in better online security, according to Close Brothers.
The majority of UK SMEs recognised the importance of cyber-security, with 57% saying they were concerned about the impact it could have on their business. That still left a significant proportion (36%) who said they were not concerned.
Only 41% of businesses feel they are adequately protected by the security measures they already have in place. 17% said they did not even know what measures they had in place while a fifth (21%) recognised that cyber-security was an important issue but said they had not found the time to look into it.
By Phil Smith