SME owners unprepared for the GDPR


Fewer than 1 in 10 small business owners fully understand the forthcoming General Data Protection Regulations (GDPR), according to research.

Retail bank Aldermore surveyed 1,003 SME owners and found just 9% have started preparing for the GDPR, which comes into force on 25 May 2018.

A further 46% of SME owners have not even heard of the GDPR, potentially representing up to 2.5 million of the UK’s 5.5 million-strong small business community.

The GDPR is designed to “harmonise” data privacy laws across Europe, while also providing individuals with greater protection and rights in the digital domain.

The legislation will come in regardless of the UK’s vote to leave the EU in June 2016.

Carl D’Ammassa, managing director of business finance at Aldermore, said:

“The GDPR is the biggest shake-up in data protection to date and the results are worrying when looking at the amount of businesses that are unaware of the impact it will have on them. 

“Data privacy, the appropriate use of customer information and breach notifications all need to be taken incredibly seriously.

“Businesses face increased sanctions if they don’t keep to the GDPR, including regular data protection audits, and fines of up to £20 million or 4% of their annual turnover for the most serious violations.” 

Not only will the GDPR change how businesses and public sector organisations handle their customers’ personal data, it will also provide clients with new rights.

In an increasingly digital world, individuals will receive more control over all their personal data as well as extra security and controls to protect it.


55% of the SME owners polled by Aldermore voiced fears about the potential impacts of cybercrime on their business, but just 34% viewed cyber protection as a priority.

Mr D’Ammassa added:

“The danger of cyber-attacks for all businesses, not just SMEs, is an ever present one and is something that is likely to increase as economic activity moves to the digital world. 

“With these attacks having a significant financial and reputational impact on a business, it is crucial all SMEs take adequate time to analyse and protect themselves against this threat.”

Low-cost, easy to implement techniques that can help prevent cybercrime within your organisation:

  • backing up your data
  • installing the latest updates on your tablets, smartphones and computers
  • prevent malware damage by having the most recent anti-virus software installed
  • be aware of phishing scams, particularly via email
  • use strong passwords to protect your data and change them regularly.

We have featured many useful articles on GDPR, you can find a list and the links here

We are also proud to announce that we are running a training course on the looming new GDPR legislation coming into effect in May 2018. It is specifically designed for our industry. The course will take place on Thursday 26th October 2017 and the venue is the Layton’s Solicitors office – it’s on the river Thames by London Bridge, right next to City Hall.

If you’d like to come along, please contact