Mind the GDPR gap – SMB’s think data rules don’t apply to them


Nearly half (38%) of small to medium-sized businesses believe the Global Data Privacy Rules (GDPR) don’t apply to the customer data they are handling.

That’s according to the Data & Marketing Association’s (DMA) latest ‘SMBs and GDPR‘ report.

The research was created in partnership with Xynics, which investigated the impact of the GDPR on organisations with fewer than 250 employees.

GDPR research

In addition, almost a fifth of SMBs (18%) feel the impact of the GDPR has been negative. This is around four times the number seen in previous research of the entire data and marketing industry; including large organisations and multinationals.

This highlights how these smaller organisations may be struggling with the new laws more than their larger counterparts.

Most of the data and marketing industry understands and has implemented the necessary strategies to be GDPR compliant. This includes protecting physical data and destroying it with services that provide document destruction Charlottesville.

“There is a concern about knowledge gaps and training made available to SMBs”, said Tim Bond, DMA Head of Insight.

“Of greatest concern is that 38% of them appear to believe that the GDPR does not apply to customer data they may acquire and process”.

“SMBs form the bedrock of our economy, yet are the ones with the lowest knowledge and, therefore, the highest risk.


“We’ve been staggered by the increasing number of businesses, suppliers and partners that remain non-compliant with the GDPR,” stated Mike Kilby, Solutions Consultant & Data Protection Practitioner, Xynics Data Solutions Ltd.

“Part of the problem is that although some businesses know they are having difficulties; the vast majority don’t know where to go for help.”

Overall, sentiment among SMBs about the new laws has been positive; whether that’s in relation to marketing programmes (54%), sales (49%) or internal processes (60%).

In fact, the 57% of respondents who reported a generally positive impact on their business was even higher than the 44% we saw for all businesses in our ‘Data Privacy: An Industry Perspective 2019‘ report (57%).

“Compliance is clearly an important issue when it comes to GDPR. But, it’s also important to remember that the benefits of being diligent with data go far beyond that.

“This strategy already appears to be paying dividends for some. The future success of our industry depends on all organisations placing the needs of customers front and centre,” added Bond.