55% of UK small businesses are still not familiar with the General Data Protection Regulation (GDPR) despite its introduction being now less than a year away, according to a new business research by Collyer Bristow.

The survey further reveals that the knowledge of GDPR is higher in larger businesses. However, 30% of executives at companies with over 1,000 employees say they are still not familiar with the General Data Protection Regulation (GDPR). The research also found that 18% of businesses said they would be at risk of going insolvent if they were forced to pay the new, higher maximum fines allowable. Under the GDPR, organisations that breach it will be subject to fines of up to €20 million or 4% of worldwide turnover, whichever is higher. Previously, fines were set at a maximum of £500,000. 18% of businesses say if they had to pay new maximum fines, it would put them at risk of insolvency

The new GDPR makes a significant tightening of data protection compliance regulation and comes into force on 25 May 2018. It harmonises data protection rules across the European Union and applies to all organisations collecting personal data. Lack of knowledge of the GDPR across all businesses is still high, with over a quarter (27%) of senior decision-makers at all UK businesses not familiar with the upcoming changes.

The worst performing sectors include real estate and construction, where 35% of senior decision-makers across all real estate businesses admit they are not familiar with General Data Protection Regulation (GDPR).

Further findings from the research reveal:

  • 57% of businesses’ senior management have little or no direct involvement with data protection
  • 34% of businesses have no plans to perform a data risk assessment in 2017
  • 23% of business have no data breach contingency plan in place
  • 20% of businesses have still taken not steps to prepare for the GDPR

Patrick Wheeler, Partner and Head of Intellectual Property and Data Protection at Collyer Bristow, said “Our survey shows that a lot of businesses – particularly SMEs – in the UK still have a long way to go to be GDPR-compliant by May, and the clock is ticking. This is despite all the recent publicity.” It cannot be overstated just how far-reaching a change the GDPR will be to the data protection landscape in the UK. It impacts any business that deals with personal data – no matter how small.”

“The potentially-enormous penalties mean that no business can afford to treat its data protection policies and procedures as a low priority. With nearly one in five businesses saying they would be at risk of going insolvent if they had to pay the maximum penalty, data regulation compliance can potentially have wide reaching consequences for the whole firm. The new regime comes at a time when data is becoming increasingly important to businesses. Owning and exploiting customer data is now a key part of a business’ competitive strength – meaning the GDPR really is raising the stakes.”

“The good news is that businesses still have time to get their data protection in order, so long as they act quickly. A business that starts working on this today can be a compliant business on day one of the GDPR.”