The Federation of Small Businesses (FSB) claims 33% of SMEs have not started preparing for the EU-wide General Data Protection Regulation, which takes effect on 25 May 2018.
A similar number (35%) have only recently started preparing for it, with 52% of those approaching the Information Commissioner’s Office (ICO) for advice.
Only 8% of 934 small businesses polled by the FSB are ready to be fully compliant with the introduction of the GDPR.
Mike Cherry, chairman of the FSB, said:
“It’s clear a large part of the small business community is still unaware of the steps they need to take to comply and may be left playing catch-up.
“The attention now shifts to the ICO and whether it can effectively manage the demands of small businesses seeking advice and guidance.
“It is vital smaller firms looking for this support, either by phone or the web, are able to get it easily.”
The average SME spends seven hours a month and £508 a year complying with their data protection requirements, according to the FSB.
60% of small businesses have reported lower profits due to obliging with data protection, and 31% say they have been forced to stop workforce expansion.
Sanctions of £20 million or 4% of a business’s annual turnover, whichever is higher, are in place for non-compliance, although fines will only ever be applied as a last resort.
Elizabeth Denham, information commissioner, added:
“This law is not about fines; it’s about putting the consumer and citizen first and rebalancing data relationships and trust between individuals and organisations.
“We do have the power to impose larger fines, but we have access to lots of other tools that are well-suited to the task at hand, such as guiding, advising and educating organisations.
“The report tells us that many small and medium-sized organisations are preparing for the new data protection laws but some still have to make a start.
“The ICO’s website offers a number of ways in which organisations of all sizes and all sectors can get the help they need, and we’ll study the survey findings to see if we can improve the help we offer.”Tags: GDPR