Less than half of European SMBs are prepared for GDPR, IDC study finds

Less than half of European SMBs are prepared for GDPR, IDC study finds

New regulations will take effect in May, yet many organisations have no plans for compliance 

Elly Yates-Roberts |


A recent survey by International Data Corporation (IDC) has found that less than half of European small and midsize businesses (SMBs) have begun preparations for the pending European Union (EU) General Data Protection Regulation (GDPR).

The GDPR, which is scheduled to take effect in May 2018, will establish requirements for the way that personal data will be protected, and these requirements must be met for every citizen of the EU, regardless of the location of the company holding this information.

“As SMBs around the world increasingly look to grow revenue by reaching out to new customers, the importance of global expansion increases,” said Raymond Boggs, programme vice president for Small and Medium Business Research at IDC. “But so does the need for first-rate security and data protection, which is why GDPR compliance is important, not just to avoid fines, but to insure that vital customer information is secure and protected.”

IDC’s survey revealed varying levels of awareness and preparation among SMBs. The results of the study found that a significant proportion of small businesses in Europe (over 20% in the UK and Germany) said that they are not aware of GDPR. For small businesses outside of Europe, approximately half were unaware. Midsize businesses show much greater awareness, 80-90%, across geographies.

Almost 44% of European small businesses and 41% of midsize businesses say they will need to take compliance action. For non-European SMBs, the percentages are 38% for small businesses and 55% for midsize businesses. One third of European SMBs and over one half of non-European SMBs have no plans to comply with the regulations.

Currently, 29% of European small businesses and 41% of midsize businesses have taken steps to prepare for GDPR. Among non-European SMBs, the share of prepared firms declines to 9% among small businesses and 20% of midsize businesses.

“When looking at GDPR in Western Europe, adoption is moving ahead as expected,” said Carla La Croce, senior research analyst, European Industry Solutions, Customer Insights and Analysis. “Bigger companies move faster than smaller companies, and at a country level, Nordic countries are implementing GDPR faster than other Western European countries. GDPR compliance and implementation has been identified as the top security priority. Nevertheless, Western European companies are struggling to meet an imminent deadline, and this is more likely for small and medium companies. In addition, there are also misunderstandings and misconception issues that compromise on-time compliance.”

Any organisation that does not comply with the GDPR will face heavy fines meaning that preparation is essential. Here is our roundup of six top tips to ensure success.

Subscribe to the Technology Record newsletter


  • ©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.