NEWS28 February 2020

DMA survey highlights gaps in SME GDPR knowledge and compliance

B2B GDPR News Privacy UK

UK – A third of small to medium-sized businesses surveyed by the Data & Marketing Association may not be fully aware of their data protection obligations under GDPR, research from the organisation has found.

Privacy abstract image

Although over two-thirds of respondents ( 68%) claimed they had a ‘good’ or ‘moderate’ awareness of GDPR, a follow-up question about its application suggests there is still some lack of understanding.

The online study was carried out in November 2019, 18 months after the introduction of GDPR in May 2018.

Respondents were asked what types of data their business collects, stores or uses, and then which types of data their business comes into contact with that GDPR applies to – data on existing B2B customers was the most popular response ( 73% of respondents), followed by data on existing B2C customers ( 68%) and employees ( 67%). When it came to potential customer data, 63% agreed that GDPR applies, and 59% thought it applied to supplier data.

Tim Bond, head of insight at the DMA, said: “While most of the data and marketing industry has long been aware, understood and implemented the necessary strategies to be compliant with the GDPR, there is a concern about knowledge gaps and training made available to smaller and medium-sized businesses. Of greatest concern is that 38% of them appear to believe that the GDPR does not apply to customer data they may acquire and process.”

Only 10% of the businesses surveyed believed they were fully compliant with GDPR at the time of the research, with 65% saying they are either ‘half-way’ or ‘three-quarters’ of the way towards compliance. The other quarter said they are in the ‘early stages’ of GDPR compliance.

Respondents were more confident in their colleagues’ collective knowledge than their own individual understanding, the research suggested. Three-quarters ( 74%) rated their organisation’s collective knowledge about the changes as ‘high’, with the remainder evenly split between ‘moderate’ ( 11%) and low ( 14%). 

When asked how GDPR had affected their organisation, 18% of respondents claimed it had negatively affected their business in general, while the majority ( 57%) felt that its impact had been positive.

The DMA conducted the online survey of 293 respondents in partnership with Xynics. Respondents were either senior (managing director; owner/partner; director; head of) or mid-level (manager) leaders working in small to medium-sized businesses (with 250 or fewer employees).



4 years ago

Xynics would like to thank all those who took part in the survey and our colleagues at the DMA for helping us with this project. The results indeed backed up what we as Data and Business Consultants see in the SME community every day. Support for businesses does not have to cost a lot of money and is a small price to pay for the peace-of-mind that your business is fully in control of information, is secure and has stability for the future.

Like Report

4 years ago

I wonder if "May not be fully aware" actually translates to "think GDPR is an inconvenience that they hope will go away"...

Like Report