Third of small businesses don’t feel GDPR applies to them

SMBs have struggled to implement aspects of the laws like conducting impact assessments or auditing third-party data

GDPR readiness

While the majority of small businesses feeling positive about the recently-introduced General Data Protection Regulation (GDPR) rules, more than a third don’t feel that certain aspects of the law apply to them.

A significant portion of data decision-makers within small and medium-sized businesses (SMBs) do not believe that the laws apply to the customer data they hold, according to a report produced by the Data and Marketing Association (DMA). 

Advertisement - Article continues below

Just under half of the businesses, 49%, also believe the law isn’t applicable online browsing data.

This is despite the fact that the majority of SMBs, 90%, feel confident in their understanding of the new data protection laws, and have a positive impression on the impact on their processes and operations.

“This is a significant concern to the data and marketing industry, not to mention a risk to these businesses that are so vital to the UK economy,” the report said. 

“The split between those that appear to have a good understanding of where GDPR is applicable and those that don’t is also one that we’ve used elsewhere in this report to analyse the drivers behind this discrepancy.”

Many individuals, moreover, rely on colleagues to ensure they have the knowledge and understanding that fulfilling their roles’ demands.

Advertisement
Advertisement - Article continues below

Approximately three-quarters, 74%, of the 293 respondents at senior level or mid-level management suggested their organisation's collective knowledge about the data protection changes brought in with GDPR is high.

Advertisement - Article continues below

Sentiment among SMBs about how GDPR has changed the way their organisation works is generally positive, with 60% of respondents seeing reporting improvements to internal processes.

There has also been a positive impact on marketing programmes, true for 54%, as well as 49% seeing improvements to the sales process.

Conversely, 18% of SMBs felt their business, in general, has been negatively affected by GDPR, while a quarter, 25%, have sustained no change.

Worryingly, with 18 months having transpired since GDPR came into force, a significant portion of SMBs haven’t begun to undertake a host of the key processes required for them to remain on the right side of compliance.

Nearly a third of SMBs, 28%, for example, have not yet begun to audit third-party data, while 22% of firms haven’t conducted data protection impact assessments (DPIAs)

“This may well be down to the lack of advice and training made easily available to help these organisations ensure they are not falling foul of the new laws. Compliance is clearly an important issue when it comes to GDPR, but it’s also important to remember that the benefits of being diligent with data go far beyond that,” said the DMA’s head of insight Tim Bond.

“The key for businesses, large or small, is ensuring they are putting their customers first and at the heart of everything they stand for as an organisation. Only then will they be able to build relationships based on authenticity, transparency and trust that will drive reputation and prosperity.”

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020