Survey finds SMBs struggling to implement GDPR strategy

With GDPR coming into effect this Friday, many SMBs have admitted they simply aren’t prepared for it

That’s according to recent research by IDC in a reported entitled “2018 Worldwide SMBs GDPR Ready (or Not) in Seven Countries“. It found fewer than half of European SMBs have made strides in ensuring their compliance, and this number of far lower in countries outside of Europe.

There are no geographic exceptions to the GDPR: All companies that do business with European Citizens must comply or risk significant sanctions. Companies can be fined up to 20 million Euro or four percent of their annual turnover for not complying, and the requirements dealing with data privacy and security are significant. In spite of substantial and well-funded attempts to reach out and help businesses know how to be in compliance, studies show companies are simply unprepared.

According to the survey results, more than 20 percent of small businesses in the UK and Germany claim to not be aware of the GDPR. This number is greater outside of Europe, with nearly half claiming to be unaware of the forthcoming regulations. Medium businesses are more knowledgeable, and 80 to 90 percent of medium businesses surveyed around the globe are aware of the requirements.


Slow Change

In Europe, 41 percent of medium businesses and nearly 44 percent of small businesses claim they’ll need to make changes to comply with the GDPR. Outside of Europe, 38 percent of small businesses claim they’ll need to make changes, and this number grows to 55 percent for medium businesses. Perhaps most surprising is that one-third of European businesses and more than 50 percent of non-European businesses have no plans to comply, setting up the GDPR to be a charged issues for years or decades to come.

Even within Europe, only 29 percent of small businesses have taken steps to prepare for the looming GDPR, and this number drops to only nine percent outside of Europe. Among medium-sized businesses, 41 percent located within Europe have made changes, compared to 20 percent outside of Europe. In general, large and medium companies have been more active in making changes. The slow rate of conforming to new requirements, however, will be a point of concern for regulators and those interested in data security and privacy.

Speaking about the report, Carla La Croce, senior research analyst, European Industry Solutions, Customer Insights and Analysis, noted that bigger companies, as expected, are moving at a faster rate than their smaller counterparts. While Western European countries are progressing at a slow but steady pace, those in Nordic companies, in particular, have been making the most progress.

Echoing concerns stated by others studying GDPR, La Croce expressed concern about how much companies adequately understand the new regulations, stating: “Western European companies are struggling to meet an imminent deadline, and this is more likely for small and medium companies. In addition, there are also misunderstandings and misconception issues that compromise on-time compliance.”