New research suggests that almost a third (30 per cent) of small and medium-sized enterprises (SMEs) are unprepared for the General Data Protection Regulation (GDPR), while a similar number have no plans in place to deal with a potential cyber attack.
This is despite the fact that the GDPR is due to be phased in as soon as May next year, and that any businesses that suffer data breaches could face incredibly hefty penalties.
In fact, the Information Commissioner’s Office (ICO) will be able to fine businesses up to €20 million (£18 million) or four per cent of their annual turnover for serious data breaches or non-compliance.
The new legislation, which will take effect from May 2018, will effectively replace the Data Protection Act as we know it, and brings with it a number of changes.
Businesses of all shapes and sizes will need to adapt in numerous ways in order to become GDPR-compliant – and should investigate what they might need to do sooner rather than later.
SMEs are also urged to step up their cyber security ahead of time, as separate research suggests that an increasing number of smaller businesses are today being targeted by cyber criminals.
The ICO will be regularly publishing new information about the GDPR here.