Most SMEs unaware of GDPR data protect laws

Less than half of UK SMEs, businesses and charities are aware of new GDPR data laws just four months before the deadline.

Less than half of UK SMEs, businesses and charities are aware of new GDPR data laws just four months before the deadline.

The new data laws will be brought in through the EU’s General Data Protection Regulation (GDPR), which will be implemented in UK law via the Data Protection Bill on 25th May 2018.

The new UK data protection legislation sets similar requirements and penalties for non compliance as the EU’s GDPR in an attempt by the UK government to ensure uninterrupted data flows between the UK and EU member countries after Brexit.

Awareness is higher among businesses that say their senior managers consider cyber security a fairly high or very high priority, with two in five aware of the GDPR.

The survey found that just over a quarter of businesses and charities that had heard of the regulation have made changes to their operations ahead of the new laws coming into force.

Among those making changes, just under half of businesses, and just over one-third of charities, have made changes to cyber security practices, including creating or improving cyber security procedures, hiring new staff and installing or updating anti-virus software.

Speaking in Davos, UK digital, culture, media and sport minister Matt Hancock said the government is strengthening the UK’s data protection law to make it fit for the digital age.

The new legislation is aimed at giving UK citizens more control over their own data, he said, as well as supporting innovative businesses to maximise the potential benefits of increasing use of data in the digital economy.

The new UK data protection legislation will give the ICO more power to defend consumer interests and issue higher fines, of up to £17 million or 4% of global turnover for the most serious data breaches, which is roughly in line with the penalties contained in the GDPR.

SMEs and organisations that hold and process personal data are urged to prepare and follow the GDPR guidance from the ICO.

There will be no regulatory “grace” period, but the government said the ICO is a “fair and proportionate” regulator.

“Those who self report, who engage with the ICO to resolve issues and demonstrate effective accountability, can expect this to be taken into account when the ICO considers taking action,” the government said in a statement.

Information commissioner Elizabeth Denham said the data protection law reforms put consumers and citizens first. “People will have greater control over how their data is used, and organisations will have to be transparent and account for their actions,” she said.

“This is a step-change in the law – businesses, public bodies and charities need to take steps now to ensure they are ready.”

According to Denham, organisations that commit to the spirit of data protection and embed it into their policies, processes and people will thrive in the new era of data protection.

“The GDPR offers a real opportunity to present themselves on the basis of how they respect the privacy of individuals, and over time this can play more of a role in consumer choice,” she said. “Enhanced customer trust and more competitive advantage are just two of the benefits of getting it right.”

So if you want to save yourself stress, money and a damaged reputation from a data incident with affordable, live systems protection please ring us now on 01242 521967 or email or complete the form on our contact page NOWContact Cyber 139