SMEs failing to grasp importance of new data rules

New research shows that fewer than one in ten SME owners in the UK fully understand what GDPR actually means for their business or have taken the appropriate steps to prepare for it.

Worrying facts and figures

That’s the worrying finding from the latest Future Attitudes study of small and medium-sized business owners, produced by Aldermore, the specialist lender and savings bank. The GDPR framework is designed to strengthen and unify data protection for all individuals within the European Union. The regulations come into force in May 2018 and carry tough punishments for companies which fail to comply with new rules around the storage and handling of personal data. However, according to the study, nearly half of all SME bosses – representing 2.5 million firms in the UK – have not even heard of them.

What will GDPR do?

GDPR will change the way businesses handle data. It will impose a duty on all organisations to report certain data breaches to the relevant supervisory authority (in the case of the UK, a newly beefed-up Information Commissioner’s Office) and in some cases to the individuals affected, as well as giving customers the right to be forgotten. In the case of the latter, a firm would be required to delete all the relevant information held on an individual. Aldermore described such scenarios as “a considerable step change” and ones “which will affect many small and medium-sized organisations, particularly as recent industry figures [from the Federation of Small Businesses] show that two-thirds of SMEs have been a victim of cyber-crime since their launch”. The Future Attitudes study represents the views of over a thousand senior decision makers across the UK.

Surprisingly, the findings show that only about a third (34%) of businesses regarded protection against cyber-crime as a high priority and had taken steps to protect themselves.

A fifth of respondents (22%) acknowledged that GDPR was important, but said they hadn’t found time to look at the appropriate safeguards. Meanwhile, one in ten businesses (12%) said that they couldn’t afford to shield themselves adequately. The research also revealed that only half (49%) of UK SMEs currently have data breach policies in place around the use of email, internet and mobile devices. Taking data privacy seriously should be a cornerstone of best practice, even more so in light of the sanctions the new regulations will be able to impose. In the UK, from next May, firms that suffer a serious data breach could be fined up to £17m (€20 million) or 4% of global turnover. That compares with the current maximum fine of £500,000 for breaking data protection laws.