Third of small businesses don’t feel GDPR applies to them

SMBs have struggled to implement aspects of the laws like conducting impact assessments or auditing third-party data

GDPR readiness

While the majority of small businesses feeling positive about the recently-introduced General Data Protection Regulation (GDPR) rules, more than a third don’t feel that certain aspects of the law apply to them.

A significant portion of data decision-makers within small and medium-sized businesses (SMBs) do not believe that the laws apply to the customer data they hold, according to a report produced by the Data and Marketing Association (DMA). 

Just under half of the businesses, 49%, also believe the law isn’t applicable online browsing data.

This is despite the fact that the majority of SMBs, 90%, feel confident in their understanding of the new data protection laws, and have a positive impression on the impact on their processes and operations.

“This is a significant concern to the data and marketing industry, not to mention a risk to these businesses that are so vital to the UK economy,” the report said. 

“The split between those that appear to have a good understanding of where GDPR is applicable and those that don’t is also one that we’ve used elsewhere in this report to analyse the drivers behind this discrepancy.”

Many individuals, moreover, rely on colleagues to ensure they have the knowledge and understanding that fulfilling their roles’ demands.

Approximately three-quarters, 74%, of the 293 respondents at senior level or mid-level management suggested their organisation's collective knowledge about the data protection changes brought in with GDPR is high.

Sentiment among SMBs about how GDPR has changed the way their organisation works is generally positive, with 60% of respondents seeing reporting improvements to internal processes.

There has also been a positive impact on marketing programmes, true for 54%, as well as 49% seeing improvements to the sales process.

Conversely, 18% of SMBs felt their business, in general, has been negatively affected by GDPR, while a quarter, 25%, have sustained no change.

Worryingly, with 18 months having transpired since GDPR came into force, a significant portion of SMBs haven’t begun to undertake a host of the key processes required for them to remain on the right side of compliance.

Nearly a third of SMBs, 28%, for example, have not yet begun to audit third-party data, while 22% of firms haven’t conducted data protection impact assessments (DPIAs)

“This may well be down to the lack of advice and training made easily available to help these organisations ensure they are not falling foul of the new laws. Compliance is clearly an important issue when it comes to GDPR, but it’s also important to remember that the benefits of being diligent with data go far beyond that,” said the DMA’s head of insight Tim Bond.

“The key for businesses, large or small, is ensuring they are putting their customers first and at the heart of everything they stand for as an organisation. Only then will they be able to build relationships based on authenticity, transparency and trust that will drive reputation and prosperity.”

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Microsoft hints at stand-alone successor to Office 2019 suite
Microsoft Office

Microsoft hints at stand-alone successor to Office 2019 suite

24 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020