Most small businesses are not prepared for new data regulations, according to research by the Federation of Small Businesses.


With less than 90 days to go before the deadline for compliance with the EU’s General Data Protection Regulation (GDPR), more than 90% of small businesses in the UK are still not ready, a survey shows.

Only 8% of small firms polled by the Federation of Small Business (FSB) said their GDPR preparations were complete, 35% said preparations are only the early stages and 33% said they had not yet started. In light of these findings, the FSB is launching a GDPR awareness raising campaign called BeDataReady, in the run up to the 25 May deadline, aimed at helping 5.7 million small businesses. The survey revealed 18% of small business owners are unaware of the GDPR, and 34% have little understanding of its requirements. In January 2018, a poll of more than 500 businesses commissioned by London Chamber of Commerce and Industry (LCCI) found 24% of London business are not aware of the regulation.

Hospitality and arts and entertainment businesses are the least prepared, with more than half of respondents in these industries saying they have not yet started preparing for the changes.

In the retail and wholesale sector, 41% have not started preparations, followed by construction (37%), manufacturing (28%), and scientific professional (27%). Small businesses in the financial services sector are the most prepared, with 82% of respondents having started or completed their GDPR preparations, but 16% have still not started. Similarly, in ICT, 15% have not yet started, but 76% have started or completed preparations.

Mike Cherry, national chairman of FSB, said the organisation is in a unique position to reach small businesses. “We’re going to step up efforts to help and support them get data ready, while continuing to make sure the government implements the regulation in the fairest way for small firms.”

Although the regulation applies directly to UK firms ahead of Brexit, the UK government plans to introduce new data legislation that applies the GDPR regulations to the UK and includes UK-specific provisions where the GDPR allows for discretion by individual countries.

This new data protection law will apply post-Brexit and is part of the government’s plans aimed at ensuring data flows between the UK and EU are not interrupted post-Brexit by maximising the chances of the UK being granted a data protection adequacy ruling or some other equivalent. Cherry said the GDPR is the biggest shake-up in data protection to date. “Many small businesses will be concerned the changes will be too much to handle. It’s clear a large part of the small business community is still unaware of the steps they need to take to comply and may be left playing catch-up,” he said.

UK information commissioner Elizabeth Denham welcomed the FSB campaign. “Research suggests the SME sector is less prepared than others for the changes. We know that many small businesses are keen to get it right, but with so much misinformation out there, it’s difficult for them to know what’s right and what’s not. It is therefore very welcome that FSB is running this campaign.” The FSB campaign will run from 26 February to 2 March 2018.


This article was by Warwick Ashford, Security Editor for Computer Weekly.