Most European SMEs not ready for GDPR

Over three quarters of European SMEs are in the dark about the forthcoming General Data Protection Regulation (GDPR), which comes into force in May 2018. New consent rules, broadened European privacy rights, fines going up to millions of euros, and stricter procedures and public disclosure in cases of data breaches are part of the GDPR law. This was also outlined at last month's European Managed Services Summit in Amsterdam, where attendees were warned of the issue and impact on services companies by a leading legal firm partner here.

Despite the significance of these changes, most European SMEs are not prepared to deal with GDPR, according to research conducted by IDC Research on behalf of Slovakia-headquartered security vendor ESET. IDC polled 700 SMEs across the Czech Republic, Germany, Italy, the Netherlands, Slovakia, Spain and the UK, and found a quarter (25%) were not even aware of GDPR, and more than half (52%) were “unsure of the impact” on their organisation.

The picture wasn't much better among those firms which were aware of the regulation, as 20% hadn't started preparing for GDPR yet – only one year out - and almost 60% were still getting their systems in line with the new rules. Only a fifth said they were actually ready for the changes.

The new regulation sets maximum fines to as high as €20m or 4% of a company’s annual turnover for the most serious data breaches. The survey focused on SMEs with 50–499 endpoints to protect across all vertical sectors