Scott Naisbett

GDPR - one year on

The Information Commissioner's Office have recently announced that the focus for year two of GDPR must be BEYOND baseline controls and compliance.

It's time to get intricate. All businesses are expected to focus on accountability and demonstrate an understanding of the risks involved in the way they process data, and how those risks should be mitigated. With over 40,000 data complaints made over the past year and over 14,000 personal data breaches, the ICO now has the necessary skills and knowledge to take serious action against those who aren't compliant.

Despite the General Data Protection Regulation (GDPR) having been in place for over a year, the vast majority of small and medium-sized enterprises (SMEs) remain deeply unaware of it, according to research by Hiscox.

The insurer found that 90% of SME owners are unaware of the new rights that GDPR gives consumers, while 39% have no idea who the law affects.

96% are also unaware of the maximum fine for breaching GDPR, which is particularly concerning given that it is a punishing £20m or 4% of annual global turnover.

Perhaps most significantly, Hiscox found that over half of SME owners are now less aware of what GDPR actually is than they were half a year ago.


If you wish to discuss your information security requirements, you can contact our ISMS Lead Implementer Scott Naisbett -

