
Being caught unaware of GDPR’s provisions will have severe consequences. Source: Pixabay

SMEs around the world are unprepared for GDPR – study

Ignorantia juris non excusat is Latin for “ignorance of the law cannot be used as an excuse”, but ignorance is all we’re seeing from SMEs around the world when it comes to compliance with the EU’s General Data Protection Regulation (GDPR).

Scheduled to take effect next month, the GDPR establishes strict requirements for the way that personal data must be governed and protected.

These requirements must be met for every citizen of the European Union, regardless of the geographic location of the company holding this information. Potential penalties for failing to meet these requirements are severe – up to EUR 20 million (US$28 million) or 4 percent of annual revenue – making this a high priority issue for businesses of all sizes and locations.

However, according to an IDC survey, fewer than half of European SMEs have taken steps to comply. Among non-European SMEs, the share of firms prepared to comply is significantly lower.

“As SMBs around the world increasingly look to grow revenue by reaching out to new customers, the importance of global expansion increases. But so does the need for first-rate security and data protection, which is why GDPR compliance is important, not just to avoid fines, but to ensure that vital customer information is secure and protected,” said Raymond Boggs, Program Vice President, Small and Medium Business Research, IDC.

Despite the potential consequences of failing to comply with the GDPR, IDC’s survey found varying levels of awareness, planning, and preparation among SMBs. Key findings from the survey include the following:


A significant number of small businesses in Europe (more than 20 percent in the UK and Germany) indicate they are not aware of GDPR. For small businesses outside of Europe, about half are unaware. Midsize businesses show much greater awareness, 80 to 90 percent, across geographies.


Independent of GDPR awareness, almost 44 percent of European small businesses and 41 percent of midsize businesses say they will need to take compliance action. For non-European SMBs, the percentages are 38 percent for small businesses and 55 percent for midsize businesses. One third of European SMBs and more than one half of non-European SMBs have no plans to comply.


Only 29 percent of European small businesses and 41 percent of midsize businesses have taken steps to prepare for GDPR. Among non-European SMBs, the share of prepared firms declines to 9 percent among small businesses and 20 percent of midsize businesses.

Carla La Croce, Senior Research Analyst, European Industry Solutions, Customer Insights & Analysis, IDC said:

When looking at GDPR in Western Europe, adoption is moving ahead as expected.

Bigger companies move faster than smaller companies, and at a country level, Nordic countries are implementing GDPR faster than other Western European countries. GDPR compliance and implementation has been identified as the top security priority.

Nevertheless, Western European companies are struggling to meet an imminent deadline, and this is more likely for small and medium companies. In addition, there are also misunderstandings and misconception issues that compromise on-time compliance.