Low confidence and a lack of awareness is hampering smaller businesses' preparations for the General Data Protection Regulation (GDPR) with only a year until the May, 2018, deadline, according to a recent survey commissioned by data management company NetApp.
Reviewing the degree of preparedness of 253 CIOs and IT decision makers in the UK, almost a quarter of respondents from smaller businesses with between 100 and 250 employees (23%) say they have not yet made any preparations. For large enterprises with more than 501 employees, the value is considerably lower at 11%.
The flip-side demonstrates a similar polarisation, with over a third of respondents from large businesses (34 %) stating they are fully prepared for the GDPR legislation, compared to less than a fifth (19 %) of CIOs and IT managers from smaller businesses. However, a glimmer of hope is cast by the fact that more than half of respondents (57 %) from smaller businesses say they have 'made some preparations' – though they are not yet fully compliant with regulation.
Despite this, there is a distinct lack of awareness among smaller businesses, with 14% saying they do not even know what GDPR is. The survey also shows that smaller businesses lack confidence in understanding their compliancy. Only 17% of respondents from smaller businesses say they are 'confident in knowing where the data centres of the service providers are located, and where all their data is stored' – an understanding that underpins GDPR legislation. For bigger businesses this percentage is more than doubled, with 40% of respondents saying they are confident in knowing where both the data centres of the service providers are located, and where all their data is stored.
This lack of awareness is also reflected by only 7 % of respondents saying they have a full understanding of GDPR. This compares to 25% of bigger businesses, demonstrating a continued need for further education across the enterprise. Reassuringly however, over a quarter of small businesses (28 %) say they have 'a good understanding' of GDPR – more than respondents from medium (27%) and larger businesses (21%), putting smaller businesses in a stronger position than their counterparts. which means that whilst a lot of work needs to be done in the next year, many SMBs have started to actively look into GDPR.
Martin Warren, Cloud Solutions Marketing Manager, NetApp, said: "The clock is ticking and businesses only have a year to make the necessary changes in order to ensure they are compliant for the May, 2018, GDPR deadline. This will require a solid understanding of the issue of data privacy that sits at the heart of the legislation and the ability to confidently identify where their data is stored – or risk debilitating fines. No business that processes EU citizens' data is exempt from GDPR, regardless of size or location.
Yet worryingly, NetApp's survey demonstrates a disparity across the enterprise, with smaller businesses falling behind in preparation for and awareness of the legislation. The risks of non-compliance for a smaller business could be catastrophic – by virtue of size, they are even more vulnerable to the hefty fines for non-compliance. There is a clear need for increased education, particularly among smaller businesses, which should instil greater confidence and propel preparations forwards."