A recent survey commissioned by Shred-it, one of the UK’s leading information security companies and a Stericycle solution, has revealed a positive understanding and engagement with the principles of GDPR among SMEs on its first anniversary. The findings show that 72% of UK SMEs report being ‘very aware’ of its requirements. However, 60% reported that the recent changes to data protection have had a ‘slight’ or ‘no’ impact on their business, while 8% did not know. The figures highlight a possible cosmetic understanding of GDPR and key areas of concern around the more complex aspects of full compliance.
The independent survey of 1439 SMEs was commissioned to gather insight on attitudes to data protection. The first anniversary of GDPR is on 25th May 2019. Its survey comprised a series of unprompted questions and covered a range of businesses in specific market sectors across the United Kingdom with 85% having 10 to 49 employees. When asked about GDPR readiness nine in ten rated themselves as a ‘4’ or ‘5’ out of 5; the main actions taken were reviewing policies (45%) and emailing customers for consent (35%). These are considered to be the lighter ‘front end’ aspects of GDPR compliance according to Shred-it’s experts.
The survey data showed that one third (32%) of SMEs reported that GDPR has had a ‘great’ or ‘considerable’ impact on their business. When those businesses that had experienced challenges with GDPR compliance were probed further, they cited data breaches and disclosure requirements as the main challenges, with healthcare (27%) and real estate (25%) the main industries affected with those specific areas. Small proportions also reported issues with subject access requests, again with healthcare (28%) and real estate (15%) being the main industries affected.