With GDPR set to become enforceable in May 2018, the pressure is on small and medium-sized businesses (SMBs) to get fully up to speed on what the legislation will mean for them.
While complying with the data protection regulation is a matter of law, it can also bring numerous benefits for SMBs, helping them to get their data practices in order and empowering them to gain more insight and value from the data they hold.
A study by Kaspersky Lab set out to understand the steps SMBs across Europe are taking to prepare for the impending deadline for GDPR compliance. Interviews were conducted with over 2,000 IT professionals employed at SMBs (firms with fewer than 1,000 employees) around Europe.
Here are four of the key findings:
1 - Smaller businesses are struggling with a GDPR knowledge gap
Smaller businesses show less awareness of GDPR than their larger counterparts. Nearly half of organisations at the larger end of the SMB scale said they had a good level of awareness, compared to just a third at the smaller end of the SMB scale.
General Data Protection Regulation (GDPR) GDPR for small businesses: What it means for you
It is clear that ITDMs working at SMBs have a long journey ahead before they are fully ready for GDPR. There is also a danger that the lack of awareness may hamper efforts to prepare appropriately, with many not even knowing where to start.
2 - There's a cross-country variance in GDPR awareness
IT decision makers working at SMBs in France, the UK, Germany and Italy have the most awareness and good levels of knowledge about GDPR. In comparison, one in 10 respondents in Denmark and Norway have no awareness of GDPR at all.
In the majority of regions surveyed, IT professionals are unlikely to say that they have a good knowledge', about incoming regulations, preferring to say that they are aware of some of the details' instead. This could reflect both the complexity of the regulations themselves, and an overall lack of SMB awareness.
3 - Many SMB IT leaders are feeling overwhelmed
ITDMs are arguably at the coal face of personal data protection. They know how information is processed across the business and may feel more exposed to GDPR as a result.
With two in five IT decision makers at SMBs feeling overwhelmed by the GDPR, many may currently be suffering at the hands of the enormity of the task ahead. More needs to be done to help the smaller SMBs realise the empowerment brought by the new regulations, as their counterparts at other organisations have. UK data watchdog the Information Commissioner's Office (ICO), for instance, has introduced a helpline specifically for SMB queries about the new rules. But with budgets and resources tight, possible actions may be limited.
4 - Two-thirds expect to be empowered by GDPR
Although it can be an overwhelming task, IT professionals ultimately have a lot to gain from the new regulations and should consider it a source of empowerment.
Around half of SMB IT professionals think that the GDPR will make their roles more important within their organisations and empower them to enforce data protection. Respondents working at companies with 500-999 employees were significantly more likely to think this than those working at smaller businesses, however.
Picture: Bigstock
