SMEs strongly positioned in the data protection sector

Small and medium-sized enterprises seem to be strongly positioned in the data protection sector, according to a recent survey of 600 German, French and British executives conducted by Usercentrics and Siinda, in cooperation with the research institute Innofact.

SMEs data protection

The survey results place the British firms at the top of the ranking, with 76.5% of executives agreeing that their company has up-to-date data protections, followed by Germany with 68% and France with 61%.

Data protection officers as a privacy necessity

Three years after the introduction of the General Data Protection Regulation (GDPR), an increase in awareness is evident in British boardrooms. 79.5% employ a data protection officer – 60.5% internally, 19% outsource the job.

The SMEs cited in the study are just as well positioned in terms of privacy tools implemented as they are in terms of staff. 63% use a consent management platform (CMP), which obtains and manages the consent of website visitors for analysis or advertising purposes.

This is a crucial part of the business strategy, as these companies access particularly sensitive data: seven out of ten SMEs collect and use customer data. While three-quarters of French companies use a CMP, only four out of ten German SMEs do.

Managers skeptical and insufficiently informed

Three years after the introduction of the GDPR, many executives still have an ambivalent attitude towards the topic of data protection. For example, 35% of respondents perceives data protection as beneficial and important for business. At the same time, however, 30% see their business model threatened by increasingly strict data protection regulations.

The study also reveals exciting insights into current market developments: there is a clear trend towards first-party data. 68% of respondents want to rely on the use of first-party data, i.e. user data. The ongoing move away from third-party cookies is in the sights of 60.5% of respondents, while only few are concerned about this development.

In Great Britain, however, there still seems to be a lot of need for clarification regarding this topic. Around 40% say they are not aware of both the first-party data trend and the third-party cookie developments.

Stephanie Vérilhac, EU Director at Siinda, outlined: “Privacy is undoubtedly an important boardroom and senior executive issue thanks to the GDPR, but concrete operational issues such as first-party and third-party data management, or regional differences are emerging. Digitalization of SMBs in Europe has accelerated in the past year, and coherent data management and data protection are key to fostering this trend ahead.“

Jürgen Weichert, CRO at Usercentrics, comments on the study as follows: “Privacy is the new normal. While we still had to do a lot of education in the early days of the GDPR, a different picture is now emerging. The topic of data protection seems to have become part of the daily business of many small and medium-sized enterprises. At the same time, however, it is becoming apparent that there are many regional differences. For example, it seems that the French are much more cautious about data protection than their German or UK counterparts, which is probably due to the rigorous enforcement by the French data protection authority CNIL.”

Don't miss