Less Than Half of European SMBs Prepared for GDPR – IDC

A survey by IDC Corp. found that less than half of European SMBs have taken steps to prepare for the pending EU General Data Protection Regulation (GDPR).

Among non-European SMBs, the share of prepared firms is lower.

“As SMB around the world increasingly look to grow revenue by reaching out to new customers, the importance of global expansion increases,” said Raymond Boggs, program VP, small and medium business research, IDC. “But so does the need for first-rate security and data protection, which is why GDPR compliance is important, not just to avoid fines, but to insure that vital customer information is secure and protected.”

The GDPR, scheduled to take effect May 25, 2018, establishes strict requirements for the way that personal data must be governed and protected. These requirements must be met for every citizen of the Euroean Union, regardless of the geographic location of the company holding this information. Potential penalties for failing to meet these requirements are severe – up to €20 million ($28 million) or 4% of annual revenue for non-compliance – making this what should be a high priority issue for businesses of all sizes and locations.

Despite the potential consequences of failing to comply with the GDPR, IDC’s survey found varying levels of awareness, planning, and preparation among SMBs.

Findings from the survey include the following:
• A significant share of small businesses in Europe (over 20% in the UK and Germany) indicate they are not aware of GDPR. For small businesses outside of Europe, about half are unaware. Midsize businesses show much greater awareness, 80-90%, across geographies.
• Independent of GDPR awareness, almost 44% of European small businesses and 41% of midsize businesses say they will need to take compliance action. For non-European SMBs, the%ages are 38% for small businesses and 55% for mid-size businesses. One third of Europe SMBs and more than one half of non-European SMBs have no plans to comply.
• Only 29% of European small businesses and 41% of midsize businesses have taken steps to prepare for GDPR. Among non-European SMBs, the share of prepared firms declines to 9% among small businesses and 20% of midsize businesses.

SMB Awareness of GDPR in European and Non-European Countries
Click to enlarge

“When looking at GDPR in Western Europe, adoption is moving ahead as expected. Bigger companies move faster than smaller companies, and at a country level, Nordic countries are implementing GDPR faster than other Western European countries. GDPR compliance and implementation has been identified as the top security priority,” said Carla La Croce, senior research analyst, European industry solutions, customer insights and analysis. “Nevertheless, Western European companies are struggling to meet an imminent deadline, and this is more likely for small and medium companies. In addition, there are also misunderstandings and misconception issues that compromise on-time compliance.”

The IDC report, 2018 Worldwide SMBs GDPR Ready (or Not) in Seven Countries (IDC #US43650018, $4,500), examines the awareness, activity, and expectations of small businesses (10-99 employees) and mid-size firms (100-999 employees) with regard to GDPR.

The findings of this figure are based on a January 2018 survey of more than 2,000 business owners, line of business leaders, and IT leaders aware of or managing IT spending in seven countries (Brazil, China, Germany, India, Japan, the UK, and the United States).