Just how prepared are small businesses for GDPR? GDPR awareness has cropped up as part of a recent government survey, and the results make for interesting reading.
The Department for Digital, Culture, Media & Sport have published their Cyber Security survey for 2018. The results can be found at https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018-preparations-for-the-new-data-protection-act.
Thumbs up for the government continuing to be open and transparent with the data it collects. The sample for this study was 1,519 businesses and 569 charities.
Small Business Snapshot
Micro businesses are those with fewer than 10 employees. Small businesses are those with 10-49 employees. It is interesting to note that sole traders were not included in this survey.
The question that was put to businesses:
Before this interview, had you heard of the General Data Protection Regulation, or GDPR?
Two charts for you to consider. Firstly, a comparison of “micro” and “small” businesses.
At the time of the survey, we were only a few months away from the regulations coming into effect, yet only 31% of micro businesses (those with fewer than 10 employees) were aware of GDPR. The small business community fared a little better, with 49% of small businesses being aware of GDPR.
The second chart shows the regional divide between the North West and the rest of the UK.
The figures do not make great reading. Across all business sizes, only 33% of businesses in the North West were aware of GDPR, behind the national UK average of 38%. Nevertheless, a national average of 38% would suggest that the message on GDPR is not getting through to the business community.
Should Small Businesses Worry?
The question to ask is: how worried should we be? If the figures are to be believed, then there are going to be a lot of small businesses up and down the country that may not be even close to being compliant with GDPR.
Assuming your business is complying with the current Data Protection Act of 1998, then in all probability you will be close to GDPR compliance.
However, there has been some considerable tightening up of the rules relating to privacy. Small businesses cannot afford to take any risks by getting it wrong.
If you are one of those 62% of businesses in the North West that is not aware of GDPR, then act now. If you can demonstrate you have a plan and can show some documentation of steps taken so far, then it is highly unlikely that the ICO will come knocking on your door soon.
You can do no harm by visiting the ICO, who have recently updated their general advice for small businesses. I plan to add some more blog posts, outlining the steps we have taken as officers for a “Non-Profit” organisation. In the meantime, I do have a simple checklist available here if you want to see how prepared you are with just over a month to go.