Third of small businesses don’t feel GDPR applies to them

SMBs have struggled to implement aspects of the laws like conducting impact assessments or auditing third-party data

GDPR readiness

While the majority of small businesses feeling positive about the recently-introduced General Data Protection Regulation (GDPR) rules, more than a third don’t feel that certain aspects of the law apply to them.

A significant portion of data decision-makers within small and medium-sized businesses (SMBs) do not believe that the laws apply to the customer data they hold, according to a report produced by the Data and Marketing Association (DMA). 

Advertisement - Article continues below

Just under half of the businesses, 49%, also believe the law isn’t applicable online browsing data.

This is despite the fact that the majority of SMBs, 90%, feel confident in their understanding of the new data protection laws, and have a positive impression on the impact on their processes and operations.

“This is a significant concern to the data and marketing industry, not to mention a risk to these businesses that are so vital to the UK economy,” the report said. 

“The split between those that appear to have a good understanding of where GDPR is applicable and those that don’t is also one that we’ve used elsewhere in this report to analyse the drivers behind this discrepancy.”

Many individuals, moreover, rely on colleagues to ensure they have the knowledge and understanding that fulfilling their roles’ demands.

Advertisement - Article continues below

Approximately three-quarters, 74%, of the 293 respondents at senior level or mid-level management suggested their organisation's collective knowledge about the data protection changes brought in with GDPR is high.

Advertisement - Article continues below

Sentiment among SMBs about how GDPR has changed the way their organisation works is generally positive, with 60% of respondents seeing reporting improvements to internal processes.

There has also been a positive impact on marketing programmes, true for 54%, as well as 49% seeing improvements to the sales process.

Conversely, 18% of SMBs felt their business, in general, has been negatively affected by GDPR, while a quarter, 25%, have sustained no change.

Worryingly, with 18 months having transpired since GDPR came into force, a significant portion of SMBs haven’t begun to undertake a host of the key processes required for them to remain on the right side of compliance.

Nearly a third of SMBs, 28%, for example, have not yet begun to audit third-party data, while 22% of firms haven’t conducted data protection impact assessments (DPIAs)

“This may well be down to the lack of advice and training made easily available to help these organisations ensure they are not falling foul of the new laws. Compliance is clearly an important issue when it comes to GDPR, but it’s also important to remember that the benefits of being diligent with data go far beyond that,” said the DMA’s head of insight Tim Bond.

“The key for businesses, large or small, is ensuring they are putting their customers first and at the heart of everything they stand for as an organisation. Only then will they be able to build relationships based on authenticity, transparency and trust that will drive reputation and prosperity.”

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020