Some 66% of UK businesses haven’t heard about, or don’t have any plans to comply with new General Data Protection Regulation (GDPR), despite potentially being fined millions.
That is according to a survey of more than 200 SME owners by DocsCorp, finding that 30% of managers do not even know what metadata is – the exact data the incoming legislation intends to secure.
This is despite 47% of the businesses surveyed admitting to handling sensitive information like names, addresses and bank details which may be transferred between computers through metadata.
GDPR comes into force on 25 May 2018, with failure to comply potentially resulting in fines of up to €20m (£17.7m) or 4% of an organisation’s global turnover, whichever is higher.
“Businesses should evaluate all internal operations that involve the handling of secure data to identify any areas that might present the risk of a data breach, and design processes to minimise that risk,” DocsCorp EMEA vice president, Ben Mitchell, said.
The findings also show that the number of managers that do not know about metadata increases to 67% among those in finance, despite 20% of workers in the sector claiming to send more than 1000 attachments every week.
In addition, it was found that 58% of business surveyed allow for remote working – potentially making metadata more vulnerable through accessing unencrypted Wi-Fi access points and losing renewable storage.
“Businesses need to train employees where necessary, implement smart systems and software, and understand the processes for reporting any breach to the proper EU authorities,” Mitchell added.
This comes after research published in June forecast European financial institutions to face fines totalling €4.7bn within the first three years of GDPR implementation.
It predicts 384 data breaches by 2021, each incurring fines as high as €260m, with additional regulations potentially bringing further liabilities – with these forecasts said to be conservative.
“Financial institutions that have not invested in response readiness will face the most serious fines and collateral business damage,” Bo Holland, CEO of AllClear ID, said.
“History tells us that companies that have dealt with data breaches poorly have seen loss of customers, reduced earnings and board level resignations. GDPR raises the stakes even higher.”
Businesses in Europe, the Middle East, and Africa (EMEA) are spending four times more of their budget on insurance for property, plant and equipment (PP&E) than they are covering cyber exposure.
16 October 2017
Smart technology is expected to transform the home insurance industry, but a lack of consumers engaging with connected technologies is hindering progress.
10 October 2017
Two-thirds of UK businesses have adopted at least one financial technology application, saving an average of £5,500 in the process, according to research from MarketInvoice.
06 October 2017
Why InsurTech? A Pressured Insurance Value Chain
By Andrew Sagon, Andrew Johnston and Matthew Wong
InsurTech is a burgeoning phenomenon that is modernising the insurance industry. It is disrupting the traditional value chain whereby insurers offer loss protection, and shifting the emphasis to risk mitigation. Incumbents face disintermediation as investors in search of higher yields pour money into insurance-linked instruments in the capital markets. And entrepreneurial businesses are targeting friction costs and inefficiencies within every aspect of the traditional value chain.
Nimbleness and agility will unlock potential
By Elinor Friedman, Andrew Harley and Klayton Southwood
Recent Willis Towers Watson surveys in the U.S. have shown that P&C and life insurers in developed markets are taking seriously the potential of big data and predictive analytics to improve their businesses. Nimbleness and agility, rather than brute force, are likely to be key to realizing that potential.
Driven by technology, toolkits and talent
By Claudine Modlin and Graham Wright
Advanced analytics is helping some insurers offer innovative products and solutions. What do insurers need to know about the changing nature of analytics and whether it is worth the investment? Claudine Modlin and Graham Wright discuss technology, toolkits and talent — topics that may help you decide.
Risk transfer is part of a comprehensive solution
By Adeola Adele, Patrick Kulesa, Kevin Madigan and Alice Underwood
Given the dynamic nature of cyber-risk, taking a multidimensional approach that integrates board governance, technology solutions, behavioral change and risk transfer solutions can help reduce risk to a manageable level.