"There are drawbacks when it comes to time and resources, but compliance will ultimately be a help rather than a headache for SMEs"
Due to be implemented on 25 May this year, this EU-wide directive is set to replace the existing Data Protection Act 1998 and will govern how organisations can obtain, process and retain personal information.
Directed at SME owners, the poll revealed a lack of confidence in the official information supplied by the ICO and the Government, with 45% of participants indicating that they found this advice unhelpful and lacking in practical guidance. On the other hand, all those who had enlisted professional assistance – through consultations with a legal advisor or certified GDPR practitioner – reported this as being either “quite” or “extremely helpful”.
The biggest challenges identified by respondents were overhauling the way in which their organisations manage and process personal data, and keeping stored information up-to-date and accurate.
With stricter rules surrounding consent and data protection, the GDPR will grant individual data subjects the right to request access to any information a company holds about them, appeal for it to be amended, or demand that it is erased entirely. Organisations must therefore be able to deal with such requests, and ensure adequate security measures are in place to prevent a potential breach of sensitive information.
Non-compliance with the GDPR could result in financial penalties of up to £17m – or 4% of global turnover – being issued by the Information Commissioner’s Office (ICO). But despite the severe implications of a data breach or failure to comply, 23% of survey participants expressed indifference towards the new legislation, with less than half acknowledging it as a key priority for their business in 2018.
Commenting on the findings, Q2Q IT’s managing director Andrew Stellakis said: “The message is clear throughout all UK sectors – the GDPR needs to be a priority for businesses of all sizes, operating within all industries. Yet despite heightened media attention on the impending legislative changes, these results show that SMEs are still failing to prepare.”
Whilst almost a fifth of poll participants admitted they hadn’t started thinking about their compliance preparations yet, 60% claimed that they are well on their way. A further 20% indicated that they were “hopeful” about the GDPR.
Andrew continued: “There’s admittedly been a lot of scaremongering about the regulation – particularly when it comes to the eye-watering fines – which can easily lead to people switching off. And although ensuring operational processes are in shape and compliant is undeniably a laborious task, through our GDPR consultation services we’re trying to get businesses to see the benefits of the new legislation too.
“The requirement to keep all information up-to-date and accurate alone will help make customer databases more efficient. Plus, the need for more targeted marketing comms – sent to people who have confirmed they actually require the information – is undoubtedly an opportunity for higher customer engagement. Yes, there are drawbacks when it comes to time and resources, but compliance will ultimately be a help rather than a headache for SMEs.”
Having achieved EU Certified GDPR Practitioner status in April 2017, Andrew provides compliance support to businesses throughout the North West of England.
Alongside GDPR guidance, Lancaster-based Q2Q IT specialises in providing managed IT support, cyber-security assistance and proactive systems monitoring services to SMEs.