We use cookies to provide you with a responsive service to make your experience of our website(s) better. Please confirm that you agree to our use cookies
in accordance with our cookies policy.

By continuing to use our website we will assume that you are happy to receive non-privacy intrusive cookies.
Please be aware that if you disable cookies some functionality on the site will not work.

Alternatively, read our cookie policy to find out more about our cookie use and how to disable cookies.

Accept and continue
Zurich logo Zurich logo
Login / Register: CPD For Brokers Sign up to receive our newsletter Login
Order by:
  1. Home
  2. Industry Spotlight
  3. GDPR fines a major threat to small business survival amid confusion over cyber security training requirements

GDPR fines a major threat to small business survival amid confusion over cyber security training requirements

Posted:

At a glance

  • The Zurich SME Risk Index has suggested that many of Britain’s small-and-medium sized enterprises may be non-compliant on the GDPR implementation deadline
  • The survey of over 1,000 SME business owners highlighted that, while 85% would be affected by GDPR, nearly half (44%) of those were unaware of the obligation to hire a DPO or satisfactory equivalent
  • Just one in three (34%) of those surveyed currently employs a DPO or satisfactory equivalent

The Zurich SME Risk Index has suggested that many of the UK’s small-and-medium sized enterprises may be non-compliant on the GDPR implementation deadline, largely due to a widespread lack of awareness around the Data Protection Officer (DPO) employment requirements.

The survey of over 1,000 SME business owners highlighted that, while 85% would be affected by GDPR, nearly half (44%) of those were not aware that employing a DPO or satisfactory equivalent will become a regulatory obligation for many businesses dealing with large amounts of data from May 2018.

Just one in three (34%) of those surveyed currently employs a DPO or satisfactory equivalent. Current estimates* highlight that by 2021 there could be 3.5 million vacant cyber security jobs due to a chronic skills shortage in the field of cyber security, suggesting that a significant number of small and medium sized businesses in the UK may face non-compliance due to a lack of adequately trained staff.

Fines for non-compliance with the GDPR can be as high as 4% of a business’ global turnover, up to a maximum of approximately £18 million, yet just over a quarter (28%) of SME owners can currently guarantee that they could continue operating following a fine of this magnitude.

With almost one in ten (9%) business owners saying that they would need to close down operations following a fine of this size, it appears that the penalties handed out following GDPR implementation could see a significant number of SMEs close for business.

Paul Tombs, Head of SME Proposition at Zurich, comments:

“Cyber security trained staff are already a rare and highly sought after commodity and business leaders should be gravely concerned about their ability to find and hire data security personnel.

“If your business requires a DPO, then investing in training current staff is probably the quickest and simplest solution given the current job market for these individuals. Stomaching the investment in training now may be hard to bear, but the repercussions for no doing so will be dire.”

For more information, please contact your local Zurich Account Executive.

Image © Getty

Tools

Get in touch

If you’d like to know more about the products we have to offer, send us an email and we’ll get back to you.

Leave a comment

Related articles