Nov 24, 2020 | Articles, GDPR

It doesn’t apply to me!!!

Howard Freeman

Howard Freeman

One-third of small businesses don’t feel GDPR applies to them.

It doesn’t apply to me!!!

We interviewed our CEO, Howard Freeman, who talks with SME business owners every day and he offered us his insights for the website.

Howard, do small businesses understand the GDPR and what are their feelings about it?

Most small businesses are feeling positive about the General Data Protection Regulation (GDPR) rules.

Many more just groan when I raise the subject with them or when they ask what my business does. More than a third of those to whom I have spoken don’t feel that the GDPR applies to them. A lot tell me that ‘it doesn’t apply to me!!!’ They tell me that ‘the GDPR doesn’t apply to me as I am exempt. It doesn’t apply to me as my business is too small.’ Most who claim so, have not actually understood how they could be exempt. Very few businesses are I should add.

It doesn't apply to me!!!
GDPR and the SME
Many SMEs are living in ignorance of the threat they face. When I discuss GDPR with these business leaders, it is clear that they are unaware of what is really needed.

How big is the problem?

A significant portion of data decision-makers within these businesses do not believe that the laws are applicable to the customer data they hold. A large number of businesses also believe the law isn’t applicable to online browsing data. It is possibly 50%, probably more.

It’s not all bad news though?

Absolutely not! The majority of SMEs feel confident in their understanding of the new data protection laws. Many say that GDPR has had a positive effect on their processes and operations.

However, there is a significant concern to these businesses that bring a great deal to the UK economy. The concern is that this belief of sufficient knowledge is not being tested. Many SMEs are living in ignorance of the threat they face. When I discuss GDPR with these business leaders, it is clear that they are unaware of what is really needed.

The split between those that appear to have a good understanding of where GDPR is applicable and those who don’t is 20/80. The 80% is those who do not have an understanding that is deserving of their confidence.

Surely a business leader can’t be expected to know everything?

Again, absolutely not! Many leaders relied on their staff to ensure they had the knowledge and understanding that is required. Sadly, this leads to bigger problems. Staff members were asked to ‘sort out this GDPR stuff’ but were not suitably experienced to deliver. So, they turned to the search engines and ended up downloading documents that bodies had chosen to publish. Or, they bought templates. Both solutions do not deliver compliance, just paperwork.

Approximately three-quarters, at senior level or mid-level management, believe their organisation’s collective knowledge about the data protection changes brought in with GDPR is high. This is unlikely to be the case. However, many SME leaders stated that they had seen improvements to internal processes as a result of implementing the GDPR.

How has this affected marketing and sales processes?

Many leaders tell me that there has also been a positive impact on marketing programmes. The early panic to gain consent leading up to the enforcement of GDPR proved pointless so they came up with legal ways to clean up their databases. This in turn meant that marketing and sales activities became more focussed and in turn improved ROI.

Has it been positive for everyone?

Sadly not. One in 5 said that their businesses, in general, had been negatively affected by GDPR. Whilst a quarter, 25%, have seen little change.

Worryingly, however, with over two years having passed since the GDPR came into force, a significant number of SMEs haven’t begun to undertake a host of the key processes required for them to remain on the right side of compliance.

Nearly a third of SMBs, for example, have not yet begun to audit third-party data, while 22% of firms haven’t conducted data protection impact assessments (DPIAs).

If you are one of these businesses, what should you do?

Talk to us is the easy answer to that question. We can carry out a simple audit to find the obvious gaps through to a full audit which digs into the detail. We can tell you quickly if you are compliant and then produce a report to provide the detail. We can offer clarity on the statement ‘It doesn’t apply to me’.

How does a business contact you?

They can fill in a contact form here. Or they can call us on 03333 22 1011 as we do like to talk with people and we make time to listen.

Howard, thank you.


Can we help?