What's GDPR? Survey suggests smaller firms living under rocks as EU privacy regs loom

The European Union's incoming General Data Protection Regulation (GDPR) has still not registered with more than half of small companies and a third of medium-sized firms, according to a UK government survey.

The rules, which come into effect on May 25 this year, will affect all companies – not just EU ones – processing personal data in the union.

But despite months of wall-to-wall pitches from vendors offering "privacy solutions" and newly minted "GDPR-certified experts" (there's no such thing, FYI) touting their wares, some companies remain unaware.

A government survey (PDF) of 1,500 businesses – carried out between October and December 2017 as part of its broader cybersecurity survey to be published in April – found that just 38 per cent had heard of GDPR.

In general, the smaller the firm, the lower awareness – and it's important to note that small businesses don't necessarily have less cause for concern because they're not less likely to handle personal data.

The survey found that, when asked if they were aware of GDPR before that question, just 31 per cent of micro firms (2 to 9 staff) and 49 per cent of small biz (10-49 staff) said yes.

In contrast, some 66 per cent of medium-sized businesses (50-249 people) had heard of GDPR, while 80 per cent of large companies said they knew the term.

Of those that were aware of GDPR, 27 per cent had made changes to the way they operate. And again, larger firms were more likely to have done so, with 55 per cent having taken some form of action.

The most common changes were to create or change policies, followed by increasing staff training and deploying new systems.

Meanwhile, Facebook COO Sheryl Sandberg told an event in Brussels this week that the biz would launch "educational tools" that it says will help it comply.

In a bid to tick the transparency box, Sandberg announced the company would create a "privacy centre" for all users, which puts "core privacy settings" in one place.

Reuters quoted Sandberg as saying it would make it "much easier for people to manage their data".

She claimed that Facebook's apps "have long been focused on giving people transparency and control and this gives us a very good foundation to meet all the requirements of the GDPR". ®