
GDPR mistakes: the small business errors that could result in a hefty fine

2-minute read

Lauren Hellicar

28 December 2018


We're now more than seven months on from the European General Data Protection Regulation (GDPR) deadline on 25 May 2018 – how confident are you that your small business is fully compliant?

A new survey of 1,000 small business owners has revealed that half are confused by the rules, according to the Independent.

This indicates that the data of millions of customers and employees are being left at risk as some small business owners admit they’re ‘clueless’ when it comes to data security.


The survey was commissioned by Aon. Chris Mallett, a cybersecurity specialist for the firm, said: “As the results show, many businesses could be in breach of GDPR – most likely without even realising it.

“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.

“Yet these sorts of things are commonplace among businesses big and small across the UK.”

But we all know that not knowing the rules is never seen as a valid excuse, so read on to see if you’ve made these common security mistakes. They could see your small business slapped with a fine running into the millions.

Common GDPR mistakes small businesses make

1. Letting staff use their own computers

More than a quarter of businesses surveyed made this mistake. Letting your staff use their own laptops and devices for work purposes allows unencrypted customer and employee personal data to be stored at home.

2. Keeping a visitors book

10 per cent of businesses made this mistake. It's a seemingly harmless way for guests to note their visit to your place of business, especially if you’re in the hospitality industry. But the problem is that this presents visitors with freely available information on others.

3. Keeping a paper diary

Keeping a paper diary might be preferable to doing everything on a screen for some business owners. But as it could include private details about customers, this too poses a privacy risk. 26 per cent of businesses polled made this mistake.

4. Circulating printed sponsorship forms

This is a clear GDPR contravention, as printing and distributing sponsorship forms tends to include names and addresses of individuals. One in ten businesses made this mistake.

Other privacy mistakes

Further contraventions by the small businesses polled include case studies in training materials that reveal the full details of featured individuals (25 per cent), and distributing promotional images of employees that display their unobscured name badges (16 per cent).

Not disposing of paper records properly

Paper records were another hazy area for those surveyed. The results revealed that not all small businesses are aware of their responsibility to get rid of paper records securely and confidentially.

More than half aren’t aware of their obligation to get rid of paper customer records. That figure jumps to 71 per cent for staff records, 78 per cent for meeting minutes, and 81 per cent for visitor books.

Further to that, 10 per cent don’t realise that losing paperwork can count as a data breach and 36 per cent aren’t aware that posting, emailing, or faxing personal details to the wrong person could also be a breach, according to the Independent.

Duty to notify the Information Commissioner’s Office

Did you know that you’re obliged to notify the Information Commissioner’s Office, as well as all those affected, if your business has a data breach that affects individuals’ rights? Six in 10 of the small business owners polled didn’t.

With the risk of being fined running high in the event of a data breach, it may come as a surprise that 45 per cent of businesses don’t even consider it when taking out business insurance.

Are you fully up to speed on the rules around GDPR? Let us know your thoughts in the comments below.

© Copyright 2022 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.