It’s been over three years since the General Data Protection Regulation (GDPR) was introduced. Since then, there have been plenty of headlines devoted to enterprise-level data breaches but very little on how SMEs have been fairing.
Do they understand the GDPR and are they interpreting the legislation in the correct way? More than that, what is the quality of the data they hold and indeed, how do they store it?
This is what we set out to find in this survey. We wanted to gain a greater understanding of the quality of the data that SMEs hold on their customers and prospects, and the extent to which the GDPR is understood and has been adopted.
What is an SME?
According to the UK Government* , the usual definition of small and medium sized enterprises (SMEs) is any business with fewer than 250 employees. There were 6 million SMEs in the UK in 2020, which was over 99% of all businesses. There were 5.7 million micro-businesses (0-9 employees) in the UK in 2020, accounting for 96% of all businesses.
For the purposes of this survey, we based SMEs on the size of their turnover, classing any business of a turnover of up to £25 million as an SME.
*House of Commons Library Briefing Paper, Business Statistics, 22 January 2021 [accessed 25 June 2021].
The Questions
In our survey we asked 1,110 business owners and directors a number of questions:
- Whether they store their customer and prospect data in a CRM and/or other database
- Whether they run any data cleaning or update processes on the data they hold
- Whether they use physical mailing for communicating with and/or marketing to their customers
- Whether they were familiar with GDPR
- Whether they were aware that GDPR requires data to be kept clean and accurate or be deleted
The Results
Surprisingly, the survey results revealed that only two-fifths (40%) of SMEs hold their customer and prospect data (i.e. consumer data) in a CRM and/or other database; a number that seemed surprisingly low, given that most businesses need to maintain contact with their customers. This would seem to suggest that the remaining three-fifths (60%) either do not hold any customer data or that they hold it in a format they do not consider to be a database, such as Excel or on paper.
The good news is that awareness of the GDPR was high amongst the majority of SMEs (85%) and that these businesses are also aware that data must be kept clean and accurate or be deleted (89%). It’s good to see that, three years after it was introduced, most understand the importance of the legal requirements for managing data. The larger the company (by turnover), the greater the familiarity.
However, what the survey also revealed was that, while three-quarters (75%) of those with a CRM and/or other database do run data cleaning or update processes on their data, one quarter (25%) do not, despite the fact that 93% were aware of the need to clean and update or delete their data. And with two-fifths (42%) of all respondents using the data they hold for direct mailing/marketing, this raises the question of how accurate, up-to-date and compliant the data they hold for these purposes is?
Of all SMEs surveyed (irrespective of whether they have a CRM/database or not), nearly two-thirds (61%) said they do not run any data cleaning or update processes on the data they hold. This is despite the fact that over four-fifths (85%) were familiar with GDPR and almost four-fifths (79%) were aware of the legal requirement to keep data clean and accurate or delete it.
What Have We Learned?
Irrespective of the format it is held in, centralising the data a company holds into some kind of CRM or database is important, because it makes the storage, management and upkeep so much easier and, as a result, any marketing processes so much more efficient and effective too.
It was also interesting to learn that a quarter (25%) of those with a CRM and/or other database do not run data cleaning or update processes on their data. Not only is there a legal requirement for those who have a database to keep it clean and updated, but it also makes good business sense: with two-fifths (42%) of the total SME respondents using the data they hold for direct mailing/marketing, having accurate, up-to-date customer and prospect data is key to avoid wasting time, money and effort sending out direct mail that will not reach its target.
And for the third (30%) who are carrying out direct mailing activities without a CRM or database, how are they managing their data? Another survey suggests that for organisations without a CRM tool, 87% are still relying on spreadsheets as the main tool to manage customer data but if data is the new oil , then we need to be taking much better care of it!
It was positive to see that awareness of the GDPR and the requirement to keep data clean and accurate (or else delete it) was so high amongst the UK’s SMEs, which would indicate that the GDPR has firmly embedded itself. And while the majority of SMEs (92%) with a CRM or other database were aware of the need to clean and update or delete their data, there are a proportion (25%) who remain behind the curve and who are still not running the necessary cleaning or updating processes required by GDPR, demonstrating that there’s still room for improvement.
For those who are keeping their data clean and up-to-date, it’s important to keep in mind that data should still be sourced from a reputable supplier so that compliance with the GDPR is maintained.
See our full report for more.