GDPR non-compliance

716 small business leaders in Europe were surveyed about their GDPR non-compliance.

Their answers suggest widespread ignorance about data security tools and loose adherence to the law’s key privacy provisions.

GDPR Compliance Survey: Here are some of the key takeaways and the most surprising results:

  • Around half of small businesses are failing GDPR compliance on two crucial requirements.
    The GDPR requires companies to describe data processing activities in clear, plain language to data subjects. It also requires businesses to identify a lawful basis for using someone’s data.
    Around half of respondents were not completely sure they complied with either of these two provisions.
  • Many business leaders are confused about basic data security concepts, like encryption. When we asked whether they used end-to-end encrypted email, about two-thirds said yes.
    But when we asked these people to identify the service, only about 9% named one. “VPN,” “Mailchimp,” and “Dropbox” were among the responses.
    Seven Irish respondents said their end-to-end cloud storage provider was “Reddit.”
  • Small businesses have invested heavily in GDPR compliance. We were surprised to learn that over half of small businesses report spending between €1,000 and €50,000 on GDPR compliance, including consultants and technology.
    Yet despite these costs, most said they did not believe the GDPR would slow the growth of their business.
  • While some respondents said they did not believe regulators would bother imposing penalties against small businesses, many more cited fear of fines as their main reason for complying with the GDPR.
    Here’s one explanation that was typical of several responses: “We are the easy hits. Big companies can afford lawyers to fight in their corner. We can’t so are seen as easy targets.”

Read the full report here. Note that this link takes you away from our website and to the official GDPR website by the European Union.