With just days to go until enforcement of GDPR begins on May 25th, nearly a quarter (22 percent) of small business owners are totally unaware of the forthcoming General Data Protection Regulation, according to the first data released from Shred-it’s eighth annual Security Tracker research, conducted by Ipsos.
Ipsos conducted a quantitative online survey of two distinct sample groups: 1,000 Small Business Owners (SMO) in the United Kingdom, all of whom run businesses with fewer than 100 employees, and over 100 C-Suite Executives in the United Kingdom within businesses of over 250 employees.
The research makes clear that there is a huge disparity in terms of preparedness and focus based on the size of businesses. Ninety-seven percent of C-suite executives at large companies have at least a basic understanding of GDPR, compared to 78 percent of small business owners. Forty-seven percent of the top brass at larger firms are confident of having detailed knowledge. That figure for small businesses is just 10 percent.
According to the study, London-based businesses are also much more aware than those in other regions, with just 12 percent stating that they were not at all familiar with GDPR, compared with much higher figures in the Midlands (30 percent), the North (23 percent), Scotland (20 percent) and Wales (17 percent).
Alarmingly though, small business owners are more complacent and are typically underestimating the scale of the task at hand: fewer than a third (30 percent) acknowledge that they will face a challenge becoming compliant with GDPR by the deadline, compared to 64 percent of C-suite executives.
Neil Percy, Vice President Market Development and Integration EMEA, Shred-it, said: “In the lead-up to May 25th and beyond, it’s crucial that organisations of all sizes begin to take a proactive approach in preparing for GDPR. To see so few firms aware of the regulations right on the eve of enforcement beginning is alarming to say the least.”
“Companies need to audit their current data flows and assess where confidential information may be at risk, either in digital or physical form, and take steps to restrict accessibility and delete or, if in physical format, securely destroy it when necessary. All too often organisations place themselves at risk of breach by not connecting the need to protect physical confidential material with the same level of security applied to the same data held electronically. GDPR will view a breach of data equally regardless of whether it is electronic or physical in format.”