What's GDPR? Survey suggests smaller firms living under rocks as EU privacy regs loom

While Facebook boasts tools to help users 'manage their data'

By Rebecca Hill


The European Union's incoming General Data Protection Regulation (GDPR) has still not registered with more than half of small companies and a third of medium-sized firms, according to a UK government survey.

The rules, which come into effect on May 25 this year, will affect all companies – not just EU ones – processing personal data in the union.

But despite months of wall-to-wall pitches from vendors offering "privacy solutions" and newly minted "GDPR-certified experts" (there's no such thing, FYI) touting their wares, some companies remain unaware.

A government survey (PDF) of 1,500 businesses – carried out between October and December 2017 as part of its broader cybersecurity survey to be published in April – found that just 38 per cent had heard of GDPR.

In general, the smaller the firm, the lower awareness – and it's important to note that small businesses don't necessarily have less cause for concern because they're not less likely to handle personal data.

The survey found that, when asked if they were aware of GDPR before that question, just 31 per cent of micro firms (2 to 9 staff) and 49 per cent of small biz (10-49 staff) said yes.

In contrast, some 66 per cent of medium-sized businesses (50-249 people) had heard of GDPR, while 80 per cent of large companies said they knew the term.

Of those that were aware of GDPR, 27 per cent had made changes to the way they operate. And again, larger firms were more likely to have done so, with 55 per cent having taken some form of action.

The most common changes were to create or change policies, followed by increasing staff training and deploying new systems.

Meanwhile, Facebook COO Sheryl Sandberg told an event in Brussels this week that the biz would launch "educational tools" that it says will help it comply.

In a bid to tick the transparency box, Sandberg announced the company would create a "privacy centre" for all users, which puts "core privacy settings" in one place.

Reuters quoted Sandberg as saying it would make it "much easier for people to manage their data".

She claimed that Facebook's apps "have long been focused on giving people transparency and control and this gives us a very good foundation to meet all the requirements of the GDPR". ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Anyone with URL could see lists of case study projects's Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al

UK regulator moots data protection sandbox for organisations to play in

ICO strategy outlines plans to slurp up academic expertise

Austrian privacy chief handed leash to EU's data protection beast

Group warms up for greater powers once GDPR hits

Facebook smartmobe app's pre-ticked privacy settings violate German data protection law

Court favours consumer group in long-running dispute

Don't sweat Brexit, big biz told: Your shiny data protection sticker will remain intact

Survey reveals GDPR training and investment is on the rise told: Scrap immigration exemption from Data Protection Bill or we'll see you in court

Campaigners say proposed law would create a 'discriminatory' system for data access rights