At a glance
- The Zurich SME Risk Index has suggested that many of Britain’s small and medium-sized enterprises may be non-compliant on the GDPR implementation deadline
- The survey of over 1,000 SME business owners highlighted that, while 85% would be affected by GDPR, nearly half (44%) of those were unaware of the obligation to hire a DPO or satisfactory equivalent
- Just one in three (34%) of those surveyed currently employs a DPO or satisfactory equivalent
The Zurich SME Risk Index has suggested that many of the UK’s small and medium-sized enterprises may be non-compliant on the GDPR implementation deadline, largely due to a widespread lack of awareness around the Data Protection Officer (DPO) employment requirements.
The survey of over 1,000 SME business owners highlighted that, while 85% would be affected by GDPR, nearly half (44%) of those were not aware that employing a DPO or satisfactory equivalent will become a regulatory obligation for many businesses dealing with large amounts of data from May 2018.
Just one in three (34%) of those surveyed currently employs a DPO or satisfactory equivalent. Current estimates* highlight that by 2021 there could be 3.5 million vacant cyber security jobs due to a chronic skills shortage in the field of cyber security, suggesting that a significant number of small and medium-sized businesses in the UK may face non-compliance due to a lack of adequately trained staff.
Fines for non-compliance with the GDPR can be as high as 4% of a business’ global turnover, up to a maximum of approximately £18 million, yet just over a quarter (28%) of SME owners can currently guarantee that they could continue operating following a fine of this magnitude.
With almost one in ten (9%) business owners saying that they would need to close down operations following a fine of this size, it appears that the penalties handed out following GDPR implementation could see a significant number of SMEs close for business.
Paul Tombs, Head of SME Proposition at Zurich, comments:
“Cyber security trained staff are already a rare and highly sought after commodity and business leaders should be gravely concerned about their ability to find and hire data security personnel.
“If your business requires a DPO, then investing in training current staff is probably the quickest and simplest solution given the current job market for these individuals. Stomaching the investment in training now may be hard to bear, but the repercussions for not doing so will be dire.”
For more information, please contact your local Zurich Account Executive.