Most Small UK Businesses Ignore GDPR Risks


The majority of small businesses in the UK have yet to update or review their data security and privacy policies since the GDPR came into force, according to the latest research from tech firm Appstractor.

Ignoring GDPR Risks

The Under Attack report assessed the views of 500 IT bosses at small UK companies and revealed that most of them are ignoring GDPR risks 7 months after the new regulations were officially introduced. 75 per cent of those polled said that their company has yet to take any action to improve how it stores its data. What’s more, a quarter of these businesses have no plans whatsoever.

The findings make for concerning reading, particularly given research published by the Federation of Small Businesses prior to GDPR coming into force. This research claimed that 90 per cent of small businesses were not compliant with GDPR.

Facing the Facts

According to Paul Rosenthal, CEO of Appstractor, “Small businesses have long been in denial about the threat they face from cyber-criminals and it seems this denial has carried over into the risk GDPR carries.

“It is not just the financial risk and the fines that can be imposed under GDPR, but businesses now have a responsibility to report a security breach to those whose data has been put at risk. The reputational damage alone of being known as a company that can’t keep its customers’ data safe can be enough to sink a small business before any financial fines are imposed.”

Whatever steps they choose to take, smaller businesses should at least review the ways in which they gather, store and secure customer data so that they are as compliant as possible, Rosenthal continued. “Unfortunately, it seems many are not taking GDPR seriously enough, which could have serious consequences.”

Join us for ESRM 2019

As a security professional, have you found that you and others in your company do not always define information and security risk management in a way which identifies it as a core business function of equal prominence with financial performance and customer satisfaction? The need to adopt a holistic approach has never been more pressing as the methods by which enterprises collect, share and store data continue to increase in complexity and diversity.

Whitehall Media’s prestigious biannual 10th ESRM conference is set to discuss how enterprises are identifying risks, measuring threats, establishing mitigation plans, managing incidents, and developing remediation practices. The event offers unrivalled networking opportunities and insights on how to design, implement and embed deliverable action plans that balance risk mitigation with the pursuit of business growth.