A recent survey of over 1,400 UK SMEs commissioned by information security specialist, Shred-it, has revealed a positive understanding and engagement with the principles of GDPR on its first anniversary but highlights key areas of concern under the surface.
The findings show that 72 per cent of UK SMEs report being ‘very aware’ of its requirements. However, 60 per cent reported that the recent changes to data protection have had a ‘slight’ or ‘no’ impact on their business, while eight per cent did not know. The figures highlight a possible cosmetic understanding of GDPR and key areas of concern around the more complex aspects of full compliance.
The independent survey of 1439 SMEs was commissioned to gather insight on attitudes to data protection. The first anniversary of GDPR is on 25 May 2019. Its survey comprised a series of unprompted questions and covered a range of businesses in specific market sectors across the United Kingdom with 85 per cent having 10 to 49 employees. When asked about GDPR readiness nine in 10 rated themselves as a ‘4’ or ‘5’ out of 5; the main actions taken were reviewing policies (45 per cent) and emailing customers for consent (35 per cent). These are considered to be the lighter ‘front end’ aspects of GDPR compliance according to Shred-it’s experts.
The survey data showed that one third (32 per cent) of SMEs reported that GDPR has had a ‘great’ or ‘considerable’ impact on their business. When those businesses that had experienced challenges with GDPR compliance were probed further, they cited data breaches and disclosure requirements as the main challenges, with healthcare (27 per cent) and real estate (25 per cent) the main industries affected with those specific areas. Small proportions also reported issues with subject access requests, again with healthcare (28 per cent) and real estate (15 per cent) being the main industries affected.
Ian Osborne, Vice President UK & Ireland for Shred-it, commented: “On the surface it is good news. It is clear that many feel they are already compliant with GDPR having reviewed areas such as ‘consent’ activities and publishing a privacy notice. These typically deal with the ‘front end’ aspects of GDPR. However, while many say they are ready, there is a real question mark over the extent to which the majority of SMEs are prepared to respond to a data breach or how to react to a subject access request, for example. Our survey suggests that there is still a need for a large education exercise to show SMEs what is really involved in GDPR compliance at depth.”
Of the 10 per cent that said they were ‘not quite’ or ‘not at all’ ready, who rated themselves as a ‘1’ to ‘3’ out of 5, 42 per cent (54 businesses) said they have not been dealing with it; when asked what was holding them back, their unprompted reasons were that data protection authorities were ‘only interested in bigger companies’, it was ‘not applicable to us’, it was ‘too complicated’, and they were ‘too busy’. Of the 10 per cent, two in five would only trust someone in-house to help them comply with GDPR – only one in 10 would consider external support and only four per cent would trust the data protection authority for assistance. The SMEs that would consider external support were unsure what services they needed and when they would intend to look for support.
In the twelve months between 25 May 2018 and 2019 the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights in the public interest, has taken 59 enforcement actions. There have also been numerous examples of enforcement across different industries including high profile fines levied against large companies and penalty notices involving smaller businesses failing to pay the Data Protection Fee.
Join 12,000 other FMs from over 46 countries at ExCeL London from the 18-20 June 2019. You and your team will learn from skilled trainers in CPD-accredited seminars and workshops at the only IWFM supported exhibition. You’ll test, trial and source smart solutions across technology, cleaning, FM services, waste and energy management. You’ll meet enthusiastic suppliers to identify new collaborations. By registering, you’ll also gain access to three neighbouring shows to enhance your specialisms across fire, security and health and safety. Get your free ticket for Facilities Show.