GDPR still causing small business owners problems
GDPR is still causing small business owners problems, with many admitting that they are ‘clueless’ when it comes to the do’s and don’ts of data privacy regulations.
Aon commissioned researchers to poll 1,000 small business owners and found that many have procedures in place which could result in multi-million pound fines through ignorance of the new law, brought in from 25th May 2018.
More than a quarter of those polled allow staff to use their own computers, tablets and phones for work purposes, which contravenes the rules as personal data could be stored unencrypted at home.
One in 10 also revealed they have visitors books in their HQ – where visitors can freely see details of others who have been there previously.
Paper diaries were still used by 26 per cent of businesses – which could contain private information or customer details and be easily misplaced.
And ten per cent said the circulation of printed-out sponsorship forms – which often contain names and addresses – is common at their place of work, which is another contravention of GDPR rules.
Chris Mallett, a cyber security specialist at Aon, said: “As the results show, many businesses could be in breach of GDPR – most likely without even realising it.
“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.
“Yet these sorts of things are commonplace among businesses big and small across the UK.”
TOP 10 MOST COMMON WAYS SMALL BUSINESSES ARE, OR COULD BE, BREAKING GDPR RULES:
1. Allowing staff to use their own computers, tablets or phones for work purposes – if personal data isn’t encrypted
2. Staff using paper diaries for work purposes which contain personal information – major risk of them being misplaced or falling into the wrong hands
3. Using training materials which feature full details of real-life case studies
4. Using images which feature customers to promote your business
5. Storing files which potentially contain personal data outside of a defined structure/naming system
6. Using images to promote your business which feature members of staff wearing nametags
7. Holding unencrypted CCTV footage where individuals are recognisable
8. Recording customer calls which capture customer card details
9. Visitors books where visitors can see other people’s information when signing in – such as names, company they work for, their vehicle registration number etc
10. Staff members circulating sponsorship/charity donation sheets