There is still much work to be done before UK SMEs are fully prepared for the EU’s General Data Protection Regulation (GDPR), business barometer shows
With the GDPR compliance deadline just over six months away, the UK’s small business community remains unsure about a number of related issues.
Small to medium enterprises (SMEs) are struggling to come to grips with what “personal data” really means, their customers’ new and extended rights, and whether the permissions they currently have to contact customers will meet the requirements of GDPR.
his is one of the key findings of the Close Brothers Business Barometer, a quarterly survey that questions more than 900 SME owners and senior management across a range of sectors and regions in the UK and Republic of Ireland.
“GDPR is intended to strengthen and unify data protection for individuals within the EU, but will also affect the UK regardless of Brexit,” said Neil Davies, CEO of Close Brothers Asset Finance.
“It will ensure that all personal data has to be managed in a safe and secure way, has to be gathered lawfully, is only used for the purposes for which it was collected, and must be accurate and up to date.
Vague understanding of GDPR compliance
“The figures from the barometer tell us that uncertainty persists on a number of key compliance issues, and SMEs are concerned about the implications for their business.”
Less than a third (31%) of SMEs answered “yes” to the question, “Are you clear what ‘personal data’ means in a business context?”, with 50% responding “sort of” and the remaining 19% saying “no”.
“On a positive note, 73% of firm owners categorically stated that they do not share customers’ personal data with third parties,” said Neil. “There are, however, companies openly admitting to sharing customers’ details (8%), and a further 18% conceding they were unsure of whether they do or not.”