GDPR: Small business owners still ‘clueless’ about data protection rules, study claims

The Independent, 12/12/2018, Rob Knight

Small business owners polled for a new survey have admitted they are still “clueless” about GDPR - leaving the personal data of millions of employees and customers at risk.

Half of the 1,000 questioned were confused by the rules when it came to data protection and privacy regulations.

As a result, owners and employees alike have made mistakes or have procedures in place which could have resulted in a multi-million pound fine for the business.

More than a quarter of those polled allowed staff to use their own computers, tablets and phones for work purposes, which contravenes rules as personal data could be stored unencrypted at home.

And one in 10 revealed they have visitor books in their HQ - where visitors can freely see details of others who have been there previously. 

“As the results show, many businesses could be in breach of GDPR – most likely without even realising it,” said Chris Mallett, a cybersecurity specialist at Aon, which commissioned the research.

“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.

“Yet these sorts of things are commonplace among businesses big and small across the UK.”

The research also found a quarter had used training materials which featured the full details of real-life case studies.

Sixteen per cent had used promotional images which included members of staff wearing their nametags – making them publicly identifiable.

More than half also revealed they did not dispose of paper customer records securely and confidentially and it was a similar story for staff records (71 per cent), visitor books (86 per cent) and minutes from meetings (78 per cent).

Four in 10 did not know the loss of paperwork could be a data breach, while 36 per cent were not aware personal data posted, emailed or faxed to the wrong person could be a breach too.

Six in 10 had no idea the Information Commissioner’s Office (ICO) has to be notified of data breaches where individuals’ rights are affected and around half did not know all those affected must be told as well.

Currently, almost 45 per cent of businesses have no insurance whatsoever in place to protect them against cyber or data risks.

Mr Mallett added: “Such a significant proportion of businesses not having cyber insurance is a major worry.

“From talking to our customers we know that many simply can’t guarantee they’re able to successfully defend against a cyberattack and that’s not necessarily their fault - even major corporations are vulnerable.

“How a breach is dealt with by a business is vital, though, and if it’s not done in accordance with GDPR that business could receive a significant fine as well as damaging relationships with customers and losing out on revenue.”
