New research suggests the upcoming General Data Protection Regulation (GDPR) could threaten small businesses in the U.K. if they find themselves out of compliance with the data protection rules.
Reports said research released by insurance company Zurich in its “SME Risk Index” report found many small- and medium-sized businesses (SMBs) across the U.K. are at-risk for significant fines, as many remain unaware of the requirements under the GDPR rules. That includes new data protection officer (DPO) employment requirements, calling for businesses that handle vast amounts of data to hire data protection specialists.
In a survey of more than 1,000 small businesses, Zurich found that 85 percent of them will be impacted in some way by GDPR, yet 44 percent said they were not aware they would be required to hire a DPO under the regulation. That requirement comes into effect next May, and only one-third of SMBs said they currently employ a DPO.
Small businesses could face regulatory fines for non-compliance, which could be as high a 4 percent of a business’ total turnover and a maximum of more than $24 million. Approximately 25 percent of SMBs surveyed told researchers they would be able to continue operations if they were hit with a fine that large.
One-tenth said such a fine would force them to close operations altogether.
“Cybersecurity-trained staff is already a rare and highly sought-after commodity, and business leaders should be gravely concerned about their ability to find and hire data security personnel,” said Paul Tombs, Zurich head of SME proposition, in a statement. “If your business requires a DPO, then investing in training current staff is probably the quickest and simplest solution given the current job market for these individuals. Stomaching the investment in training now may be hard to bear, but the repercussions for not doing so will be dire.”
According to reports, separate data from Cybersecurity Ventures suggests a cybersecurity job shortage by 2021.