MOST businesses are unaware of the new laws on personal data which come into force in May – despite the onerous penalties that apply from day one.

Serious breaches of the General Data Protection Regulation (GDPR) will be punishable by fines of up to four per cent of turnover, or 20million euros.

Yet an Ipsos MORI survey suggests only 38 per cent of businesses know of the EU-derived legislation, which affects any organisation storing personal data.

Ian Girling, chief executive of Dorset Chamber of Commerce and Industry, said: “With all the noise in the community around GDPR, I am surprised the figure is this is high, which is concerning. It’s essential businesses understand GDPR and the implications for failing to meet these requirements.

“A good place start is the website for the Information Commissioners’ Office website at ico.org.uk. Businesses that already treat their data responsibly and with respect will find this manageable and businesses shouldn’t panic and take a sensible planned approach.”

Peter Rolph, managing partner at Steele Raymond solicitors in Bournemouth, said: “These regulations will fundamentally change the data protection regime and will introduce new more onerous requirements and sanctions for breaches of the regulations which will affect every business and every individual’s rights.

“The whole legal basis for to process personal data will be revised and there is no to transitional or phased introduction and so every business must be compliant on May 25 or face sanctions and potential fines.”

He added: “The new regulations apply to everyone and these changes mean every business must before May undertake an audit of their current data protection polices and rules and adapt or vary to ensure complete post May compliance.”

Mark Gracey, who runs Flavourfy Digital, a Lytchett Matravers-based security and compliance business, said he was surprised at the lack of awareness.

“There have been statistics coming out quite regularly over the last nine months or so indicating that businesses are generally unprepared for GDPR,” he said.

“ I think the main challenge for businesses is realising that it applies to them. Often businesses don’t think they’re big enough and therefore it doesn’t apply, when in reality the regulation applies no matter how big or small, because it’s about the processing of personal data whether that’s one piece or billions.

“And those operating in the B2B market often don’t think their data is personal data, when it is, and the GDPR applies to business data (that identifies an individual in a business) as much as a consumer or private individual.”

He added: “Whilst there are no bonus points for being compliant before May 25, I’m certainly seeing that being compliant ahead of the competition as a great selling point; a way of sticking yourself ahead of everyone else.”