38% of small firms ‘believe the GDPR doesn’t apply to them’

Feb 28, 2020 | Regulation

GDPR 3 years on: 43% of UK organisations reported to the ICO for a data breach
Nearly 2 in 5 (38%) of small to medium-sized businesses (SMBs) believe that the GDPR does not apply to customer data they may come into contact with.

This is according to the Data & Marketing Association’s (DMA) ‘SMBs and GDPR’ report, created in partnership with Xynics, which investigated the impact of the GDPR on organisations with fewer than 250 employees.

In addition, a near-fifth of SMBs (18%) feel the impact of the GDPR has been negative, which is around four times the number seen in previous research of the entire data and marketing industry, including large organisations and multinationals.

Highlighting how these smaller organisations may be struggling with the new laws more than their larger counterparts.

“While most of the data and marketing industry has long been aware, understood and implemented the necessary strategies to be compliant with the GDPR, there is a concern about knowledge gaps and training made available to smaller and medium-sized businesses. Of greatest concern is that 38% of them appear to believe that the GDPR does not apply to customer data they may acquire and process,” said Tim Bond, Head of Insight at the DMA.

“SMBs form the bedrock of our economy and yet are the ones with the lowest knowledge and, therefore, the highest risk. We’ve been staggered by the increasing number of businesses, suppliers and partners that remain non-compliant with the GDPR,” stated Mike Kilby, Solutions Consultant & Data Protection Practitioner, Xynics Data Solutions Ltd. “Part of the problem is that although some businesses know they are having difficulties; the vast majority don’t know where to go for help.”

Overall, sentiment among SMBs about the new laws has been positive, whether that’s in relation to marketing programmes (54%), sales (49%) or internal processes (60%). In fact, the 57% of respondents who reported a generally positive impact on their business was even higher than the 44% we saw for all businesses in our ‘Data Privacy: An Industry Perspective 2019’ report (57%).

“Compliance is clearly an important issue when it comes to GDPR, but it’s also important to remember that the benefits of being diligent with data go far beyond that. This strategy already appears to be paying dividends for some, but the future success of our industry will be dependent on all organisations placing the needs of the customer front and centre,” added Bond.

To read more about the DMA’s new research, including the report, visit the DMA