What's GDPR? Survey suggests smaller firms living under rocks as EU privacy regs loom

While Facebook boasts tools to help users 'manage their data'

By Rebecca Hill


The European Union's incoming General Data Protection Regulation (GDPR) has still not registered with more than half of small companies and a third of medium-sized firms, according to a UK government survey.

The rules, which come into effect on May 25 this year, will affect all companies – not just EU ones – processing personal data in the union.

But despite months of wall-to-wall pitches from vendors offering "privacy solutions" and newly minted "GDPR-certified experts" (there's no such thing, FYI) touting their wares, some companies remain unaware.

A government survey (PDF) of 1,500 businesses – carried out between October and December 2017 as part of its broader cybersecurity survey to be published in April – found that just 38 per cent had heard of GDPR.

In general, the smaller the firm, the lower awareness – and it's important to note that small businesses don't necessarily have less cause for concern because they're not less likely to handle personal data.

The survey found that, when asked if they were aware of GDPR before that question, just 31 per cent of micro firms (2 to 9 staff) and 49 per cent of small biz (10-49 staff) said yes.

In contrast, some 66 per cent of medium-sized businesses (50-249 people) had heard of GDPR, while 80 per cent of large companies said they knew the term.

Of those that were aware of GDPR, 27 per cent had made changes to the way they operate. And again, larger firms were more likely to have done so, with 55 per cent having taken some form of action.

The most common changes were to create or change policies, followed by increasing staff training and deploying new systems.

Meanwhile, Facebook COO Sheryl Sandberg told an event in Brussels this week that the biz would launch "educational tools" that it says will help it comply.

In a bid to tick the transparency box, Sandberg announced the company would create a "privacy centre" for all users, which puts "core privacy settings" in one place.

Reuters quoted Sandberg as saying it would make it "much easier for people to manage their data".

She claimed that Facebook's apps "have long been focused on giving people transparency and control and this gives us a very good foundation to meet all the requirements of the GDPR". ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Er, we have 670 staff to feed now: UK's ICO fines 100 firms that failed to pay data protection fee

Enforcing GDPR is expensive work, says watchdog

Campaigners call for immigration exemption in UK's Data Protection Act to be scrapped

Judicial review into law launched

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...

Reel talk: You know what's safely offline? Tape. Data protection outfit Veeam inks deal with Quantum

Magnetic strips barrier to ransomware, burble box-flingers

US tech circles wagons as India reviews data protection proposals

Ex-Cisco CEO-chaired lobby leading the charge

IT management software crowd Kaseya buys cloudy data protection crew Spanning

Private equity holdings shuffle

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Anyone with URL could see lists of case study projects

Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour's Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al