• by Ray Schultz , May 21, 2018

With only days to go, small businesses are way behind bigger firms in grasping the General Data Protection Regulation, according to Shred-it’s 2018 Security Tracker research, conducted by Ipsos.

The study found that 97% of the C-suite execs have a basic understanding of GDPR, which takes effect on May 25, compared to 78% of small business owners.

And 47% of the executives to larger firms feel they have detailed knowledge of GDPR, vs. 10% of the SMB owners.

In addition, small business owners are complacent — only 30% understand that GDPR compliance will be a challenge, compared to 64% of the C-suite executives.

“To see so few firms aware of the regulations right on the eve of enforcement beginning is alarming to say the least,” states Neil Percy, vice president market development and integration EMEA, Shred-it.

He adds: “Companies need to audit their current data flows and assess where confidential information may be at risk, either in digital or physical form, and take steps to restrict accessibility and delete or, if in physical format, securely destroy it when necessary.”

Percy continues: “All too often organizations place themselves at risk of breach by not connecting the need to protect physical confidential material with the same level of security applied to the same data held electronically. GDPR will view a breach of data equally regardless of electronic or physical in format.”

Ipsos surveyed 1,000 business owners with fewer than 100 employees and over 100 C-suite executives in firms with over 250 employees.