The General Data Protection Regulation (GDPR) is a major risk to small business survival, according to a new report highlighting the dangers of failing to protect consumer data.
Zurich, which published its new SME Risk Index this week, said a number of SMEs will struggle to meet the Data Protection Officer (DPO) requirements.
GDPR will come into full force in May 2018, bringing with it a raft of new data protection laws. Companies which misuse or fail to proactively protect consumer data will be heavily fined – up to €20 million (approximately £17.59 million) or four per cent of company turnover.
The Index, which looks at the major risks facing businesses in 2018, shows that the majority (85 per cent) of small businesses will be impacted by GDPR in one way or another.
Around 44 per cent of business owners were not aware that placing someone in charge of data will become a regulatory obligation from 2018. Likewise, 72 per cent of business owners said their business could collapse if it were to become subject of the new penalties.
The risk index also found that businesses see Brexit as an obstacle to expansion, with 27 per cent believing that leaving the European Union will decrease the availability of skilled worked.
Paul Tombs, head of SME proposition at Zurich, said: “Cyber security trained staff are already a rare and highly sought after commodity and business leaders should be gravely concerned about their ability to find and hire data security personnel.
“If your business requires a DPO, then investing in training current staff is probably the quickest and simplest solution given the current job market for these individuals. Stomaching the investment in training now may be hard to bear, but the repercussions for no doing so will be dire.”
Last year, Zurich highlighted late payments as a major risk of 2017. It found that more than half (52 per cent) of Britain’s SMEs were owed an estimated 44.6 billion.