Jump to MenuJump to Main ContentJump to the SidebarJump to About A&T Business AssociatesJump to How A&T Business Associates are DifferentJump to How A&T Business Associates WorkJump to Our LinksJump to our Industry NewsJump to Legal InformationJump to Viewing OptionsJump to SearchJump to Site MapJump to Contact Page

Why BA and Marriott GDPR fines make SME data protection investment critical

The withering assessments of the data security arrangements of BA and the Marriott group are a stark warning to smaller businesses. However, investing in strengthening data protection system in expensive. Alternative finance can help these firms manage the costs.

The fines handed out to BA and the Marriott group by the Information Commissioner’s Office (IOC) are eye-watering, at almost £300 million in total, but it is the analysis of both company’s data protection systems that are arguably more damaging. The IOC attributed the BA data breach to poor security arrangements, while it reprimanded the Marriott group for failing to undertake sufficient due diligence and making sure its IT systems were secure.

BA and Marriott are the latest in a lengthening list of high-profile corporations to have been issued a large fine in relation to insufficient data protection following a major data breach. As such, it is clear that the regulator is currently firmly focused on these types of company. However, it won’t be long before this focus shifts to smaller firms. And while the likes of Google, Uber and BA have the resources to manage GDPR fines, smaller businesses are more vulnerable.

Notably, research has revealed that small businesses are dragging their feet when it comes to complying with GDPR legislation and upgrading cybersecurity systems. One of the major reasons why such investment isn’t being more widely prioritised is the cost.

At a time when market conditions are challenging, with growth being stifled by the Brexit-related uncertainty, and when small business owners are having to manage a raft of policy and non-policy costs, finding the capital to beef up cybersecurity systems and ensure that all policies and practices are fully GDPR compliant is far from easy. But with the prospect of large GDRP fines and the likelihood that insufficient data protection infrastructure will deter more and more clients, small businesses have to act.

This is where alternative finance can help.

In the wake of prolonged caution from traditional lenders, a position that Brexit is helping to entrench, alternative finance facilities such as invoice finance, asset finance, peer-to-peer lending and crowdfunding are providing small businesses with access to capital for vital investment, including in GDPR compliance and the strengthening of cybersecurity systems.

This is how a small business in Sussex used peer-to-peer lending, through a commercial finance broker that specialises in alternative finance, to raise the capital to invest in new equipment and resources.

The current climate means that small businesses have to be more careful than ever about investment. That said, failing to properly protect business and customer data risks crippling damage, both financially and in terms of brand. So, it is essential that firms invest. To do so, owners must be aware of the funding options available to them, including alternative finance.

To find out more about A&T Business Associates services, contact Tony Hedger on 01903 602211 or tony.hedger@atbusinessassociates.co.uk.

Return to the News Page