Beancounters at IDC have added up some numbers and divided them by their shoe size and reached the conclusion that only 29 percent of European small business and 41 percent of midsize companies “have taken steps to prepare” for GDPR.
Among non-European SMBs, the share of prepared firms falls to nine percent among small firms and 20 percent of midsize companies. Oddly a fifth of small businesses in the UK and Germany “are not aware” of GDPR and probably think it is a train service.
This means they have seven weeks before the EU’s privacy legislation comes into force on 25 May.
IDC senior research analyst Carla La Croce said: “When looking at GDPR in western Europe, adoption is moving ahead as expected. Bigger companies move faster than smaller companies, and at a country level, Nordic countries are implementing GDPR faster than other western European countries.
GDPR compliance and implementation has been identified as the top security priority.”
The EU claims that by making data protection law identical throughout member states, companies will make savings of £2million annually.
However, the potential penalties for failing to meet these requirements are severe: up to £17.5m or four percent of annual revenues.
SMB research VP at IDC Raymond Boggs added: “As SMB around the world increasingly looks to grow revenue by reaching out to new customers, the importance of global expansion increases.
“But so does the need for first-rate security and data protection, which is why GDPR compliance is important, not just to avoid fines, but to ensure that vital customer information is secure and protected.”