IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Third of small businesses don’t feel GDPR applies to them

SMBs have struggled to implement aspects of the laws like conducting impact assessments or auditing third-party data

GDPR readiness

While the majority of small businesses feeling positive about the recently-introduced General Data Protection Regulation (GDPR) rules, more than a third don’t feel that certain aspects of the law apply to them.

A significant portion of data decision-makers within small and medium-sized businesses (SMBs) do not believe that the laws apply to the customer data they hold, according to a report produced by the Data and Marketing Association (DMA). 

Just under half of the businesses, 49%, also believe the law isn’t applicable online browsing data.

This is despite the fact that the majority of SMBs, 90%, feel confident in their understanding of the new data protection laws, and have a positive impression on the impact on their processes and operations.

“This is a significant concern to the data and marketing industry, not to mention a risk to these businesses that are so vital to the UK economy,” the report said. 

“The split between those that appear to have a good understanding of where GDPR is applicable and those that don’t is also one that we’ve used elsewhere in this report to analyse the drivers behind this discrepancy.”

Many individuals, moreover, rely on colleagues to ensure they have the knowledge and understanding that fulfilling their roles’ demands.

Approximately three-quarters, 74%, of the 293 respondents at senior level or mid-level management suggested their organisation's collective knowledge about the data protection changes brought in with GDPR is high.

Sentiment among SMBs about how GDPR has changed the way their organisation works is generally positive, with 60% of respondents seeing reporting improvements to internal processes.

There has also been a positive impact on marketing programmes, true for 54%, as well as 49% seeing improvements to the sales process.

Conversely, 18% of SMBs felt their business, in general, has been negatively affected by GDPR, while a quarter, 25%, have sustained no change.

Worryingly, with 18 months having transpired since GDPR came into force, a significant portion of SMBs haven’t begun to undertake a host of the key processes required for them to remain on the right side of compliance.

Nearly a third of SMBs, 28%, for example, have not yet begun to audit third-party data, while 22% of firms haven’t conducted data protection impact assessments (DPIAs)

“This may well be down to the lack of advice and training made easily available to help these organisations ensure they are not falling foul of the new laws. Compliance is clearly an important issue when it comes to GDPR, but it’s also important to remember that the benefits of being diligent with data go far beyond that,” said the DMA’s head of insight Tim Bond.

“The key for businesses, large or small, is ensuring they are putting their customers first and at the heart of everything they stand for as an organisation. Only then will they be able to build relationships based on authenticity, transparency and trust that will drive reputation and prosperity.”

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022