GDPR doesn't apply to us, believe more than one-third of small businesses

Charlie Spargo's picture
by Charlie Spargo

DMA research has found that 38% of SMEs (or SMBs) are erroneously confident that the EU data protection regulation, GDPR, doesn't apply to the information that they handle.

The DMA's most recent report, 'SMBs and GDPR', was created in association with data solutions provider Xynics, and investigated how GDPR was affecting those businesses with 250 or fewer employees.

As well as finding that nearly one in four are unaware that GDPR applies to them as well as everyone else, around a fifth (18%) say that the data protection regulation - introduced in May 2018 - have had a negative impact.

On balance though, SMEs generally see the data positive laws as positive, with 54% saying it's benefited their marketing programmes, 49% saying it helped sales, and 60% linking it with better internal processes. In total  57% reported a generally positive impact, more so than for all businesses, 44% of whom did so.

Tim Bond, Head of Insight at the DMA, said: “While most of the data and marketing industry has long been aware, understood and implemented the necessary strategies to be compliant with the GDPR, there is a concern about knowledge gaps and training made available to smaller and medium-sized businesses.

"Of greatest concern is that 38% of them appear to believe that the GDPR does not apply to customer data they may acquire and process."

Mike Kilby, Solutions Consultant & Data Protection Practitioner at Xynics, said: “SMBs form the bedrock of our economy and yet are the ones with the lowest knowledge and, therefore, the highest risk. We’ve been staggered by the increasing number of businesses, suppliers and partners that remain non-compliant with the GDPR.

“Part of the problem is that although some businesses know they are having difficulties; the vast majority don’t know where to go for help.”