Lambert Roper & Horsfield Limited Accountants Calderdale, Huddersfield
Business Services

Most businesses are very good at providing the products and services that their customers need – but running a business involves much more than that.

Click here to find out more...

Private Clients

The financial world is a complicated place and there are times when you’ll need some expert help.

Click here to find out more...

Wealth Management

When it comes to your finances, taking time out to seek expert advice is always a wise investment.

Click here to find out more...

Specialist Services

We also provide specialist services to a range of other clients.

Click here to find out more...

You are here: Home » Latest News » Cybersecurity failings are rife amongst UK SMEs

Cybersecurity failings are rife amongst UK SMEs


UK-based SMEs are not doing enough to ensure the data they hold is secure, it has been reported.

Findings from a newly-published report show that more than two out of three SMEs considered that there was room for improvement in protecting their business data, while four out of 10 questioned said they did not have a cybersecurity policy in place.

The figures were published with just six months remaining until the General Data Protection Regulation (GDPR) comes into force in May 2018.

GDPR sets tough new standards for organisations’ data protection procedures, with steep penalties for those found to be non-compliant or guilty of a breach.

A key requirement of GDPR is that businesses which hold sensitive data on a large scale will need to appoint a data protection officer. At the moment, just 84 per cent of businesses questioned said they had a dedicated employee responsible for IT and cybersecurity.

Individuals will receive a number of new rights under the GDPR – which will also strengthen some of the existing rights offered under the Data Protection Act.

According to the Information Commissioner’s Office (ICO), once the new legislation takes effect, individuals will have the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Whilst many of the principles from the DPA will remain, the GDPR will bring with it several new concepts and approaches, which have been described as a “game changer for everyone”.

Businesses in particular will be adversely affected – as many will need to implement organisation-wide changes to ensure that any personal data is processed in compliance with the GDPR’s requirements.

One notable change is that companies that currently rely on ‘consent’ as a legal basis for processing personal data will need to assess the consents that they currently hold and the mechanisms through which such consents are provided in future. This is because ‘implied consent’ will no longer be deemed valid under the GDPR.

It is crucially important that businesses ensure they are fully compliant with the new regime, as enforcement powers will also increase under the GDPR – meaning that non-compliance may result in harsher ICO investigations than was previously the case.

The ICO has published full guidance to the GDPR on its website here.

Link: Overview of the GDPR

Link: UK SMEs are negligent – and complacent – when it comes to cybersecurity

The New LRH Client Portal


We are delighted to announce that the LRH client portal (powered by Onvio, a Thomson Reuters company) is now fully operational… Continue reading →

Get in touch!


Telephone: 01422 360788

Email: mail@lrh.co.uk