Fewer than half of European small and midsize businesses (SMBs) have taken steps to prepare for the EU General Data Protection Regulation (GDPR). Among non-European SMBs, the share of prepared firms is significantly lower, according to a recent IDC survey.
The GDPR, scheduled to take effect May 25, 2018, establishes strict requirements for the way that personal data must be governed and protected. These requirements must be met for every citizen of the European Union, regardless of the geographic location of the company holding this information.
Potential penalties for failing to meet these requirements are severe, up to 20 million Euro ($28 million USD) or 4 percent of annual revenue for non-compliance, which should make this a high-priority issue for businesses of all sizes and locations.
Despite the potential consequences of failing to comply with the GDPR, IDC’s survey found varying levels of awareness, planning, and preparation among SMBs.
Over 20 percent in the UK and Germany indicate they are not aware of GDPR. For small businesses outside of Europe, about half are unaware. Midsize businesses show much greater awareness, 80-90 percent, across geographies.
Independent of GDPR awareness, almost 44 percent of European small businesses and 41 percent of midsize businesses say they will need to take compliance action. For non-European SMBs, the percentages are 38 percent for small businesses and 55 percent for midsize businesses. One third of European SMBs and more than one half of non-European SMBs have no plans to comply.
Only 29 percent of European small businesses and 41 percent of midsize businesses have taken steps to prepare for GDPR. Among non-European SMBs, the share of prepared firms declines to 9 percent among small businesses and 20 percent among midsize businesses.