Nearly half of British small and medium business owners have never heard of the incoming EU General Data Protection regulation, according to Aldermore’s Future Attitudes survey.

The data also revealed that only one in ten enterprises had taken steps to fully comply with the new rules that will apply from May 2018, with the rest saying they did not understand requirements or needed further guidance.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

55% also said they were not concerned by the impact from possible cybercrime. This was despite the fact that two-thirds of the survey’s enterprises experienced cyberattacks at some point in their lifetime.

Carl D’Ammassa, Aldermore’s group managing director for Business Finance, called the results “worrying”.

“Data privacy, the appropriate use of customer information and breach notifications all need to be taken incredibly seriously.  This is made especially apparent when one considers the increased sanctions businesses face if they don’t keep to the new regulations,” he said.

He added: “The danger of cyber-attacks for all businesses, not just SMEs, is an ever present one and is something that is likely to increase as economic activity moves to the digital world. With these attacks having a significant financial and reputational impact on a business, it is crucial all SMEs take adequate time to analyse and protect themselves against this threat.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The GDPR comes into effect next May, and businesses from across the globe will have to comply with its practices if they want to offer goods and services in Europe. Personal data will have to be stored in a format that’s transferrable and erasable if the customer so wishes.

Most importantly, businesses will have to appoint a dedicated data protection officer, and notify customers of any data breach within 72 hours.

Fines for not complying are hefty: businesses will have to pay 4% of their annual turnover or €20m (£18m), whichever is biggest.

Only half of business owners interviewed by Aldermore said they have policies in place to deal with data breaches, though not necessarily ones that comply with the GDPR. More than one in ten outright stated they could not afford to adequately protect their data.