Business owners have just six months to get organised ahead of the new General Data Protection Regulation legislation which comes into force on 25th May 2018.
Research into how businesses are preparing for the changes has found that six in 10 SMEs are getting ready for the GDPR deadline, but 2.1 million are still not preparing.
The survey commissioned by The Data Compliance Doctors also reveals that four in ten (43%) business owners said marketing staff had raised concerns about their current ability to handle and use data in accordance with GDPR. In response, 44% had reorganised operational responsibilities and processes.
Over a quarter (27%) of SMEs also said they had hired new staff to help prepare for GDPR, spending, on average, £13,300 on salaries so far. As a result, over half (54%) now feel they have the right GDPR expertise in-house. Half of those questioned have also invested in expert guidance or consultancy, spending almost £8,000 each on fees to date.
Worryingly, despite this spend, nearly three quarters (73%) do not have detailed documentation to evidence their GDPR compliance and over two thirds (64%) of business have no plan in place for customer data breaches.
Lisa Chittenden, Data Compliance Doctor at The Data Compliance Doctors comments:
“Our survey has revealed a mixed bag in terms of GDPR preparation amongst SMEs. Some have spent a lot of time and money to ensure they are in a good position come May 25, 2018. However, our figures show there are many thousands that have not even started, despite all the discussion and media stories in recent months. But, with six months to go, it’s not too late to get yourself up to speed.
She goes on to say:
“I’d also caution with those businesses planning to contact customers direct for data consent, as opt-in communications can dramatically reduce the number of customers you can talk to. However, there’s a variety of other ways to make data eligible for marketing use – some of which provide greater scope to keep historic information. Our figures reveal that a third of business owners are unsure of the different laws relating to mail versus electronic communications for this purpose. A further third are also unaware of the different permission types, so I’d encourage them to seek expert advice or do some research to ensure they’re fully compliant.”
Want to know more? Read this guide into what every business owner should know about GDPR.