The Introduction Of General Data Protection Regulation (GDPR)
Changes to the data breach fines could pose massive insolvency risks for a range of businesses. The General Data Protection Regulation (GDPR) is set to come into effect on 25 May 2018 and it means that businesses can be fined up to 4% of their total revenue. Despite the changes being less than a year away, over half of UK small businesses are still not prepared for the new regulations.
Research carried out by law firm Collyer Bristow revealed that 18% of businesses claimed they would be at risk of going insolvent if they were forced to pay the new maximum fines. Currently, the fines are set at a maximum of £500,000.
The changes in the regulations are significant steps in tightening data protection compliance, but lack of knowledge of GDPR is still widespread across all sectors. 20% of businesses have not yet taken any measures to prepare for GDPR and 57% of senior management have minimal direct involvement with data protection.
One of the worst performing sectors is construction.
Construction And Data Breaches
Despite the construction sector being predominantly offline, it is still at high risk of security breaches because it often holds sensitive customer and project information, intellectual property and market-sensitive information.
Construction contributes 7% of the UK’s GDP, and businesses should be adequately prepared for any kind of threat they may face. However, the findings of Collyer Bristow suggest that this is not the case.
Currently, a strong threat to the construction industry is ‘ransomware’. Ransomware is a type of malicious software which threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. The construction industry has the biggest vulnerability to this kind of attack because recovering the data is so important to it. The prospect of automated cyber attacks increases the need for security measures to protect internal and consumer data.
It is imperative that construction companies take preventative measures such as:
- internal training regarding phishing scams
- installing malware detection software on their systems
- increasing password complexity
- becoming certified to ISO 27001 standards.
A lot of construction companies and sole traders are struggling in this economic climate without the added pressure of data breaches forcing them into insolvency.
And it isn’t just the construction sector that is at risk. Further findings from Collyer Bristow highlighted that 34% of businesses have no plans for any data risk assessments during 2017 and 23% of businesses have no data breach contingency plan in place.
Clarke Bell’s senior partner, John Bell, said:
“Many owners of small and medium-sized companies are so busy focusing on running their businesses that they really don’t have the time or resources to give issues like GDPR the time and attention that it needs.
“Somehow, however, they have to find a way to address the matter as the potential consequences and fines of failing to comply could result in serious financial problems for their companies.”