One in five small businesses do not have a plan in place to deal with the EU's new General Data Protection Regulation, which imposes new obligations on all businesses who collect and store personal information on their customers.
It comes with significant new penalties including serious fines for businesses found in breach.
The Small Firms Association today launched a guide called, 'Mind our business:Prepare for GDPR'.
Sven Spollen-Behrens, SFA Director, said, "Small businesses know that GDPR is coming, with 89% either very aware or having some awareness of the changes that will take effect on 25 May 2018. With the 'go live' date less than three months away, we have seen a spike in activity among members as they get ready to comply with the new data protection regulations," he said.
"Still, it is worrying that almost one in five small businesses do not yet have a plan in place in relation to GDPR."
The SFA's Small Business GDPR Readiness Survey, conducted over the past three weeks, shows that 39% of respondents have made some preparations for General Data Protection Regulation and an additional 45% have started to prepare. No company identified themselves as 'GDPR ready' and 17% said that they have no plan in place.
Mr Spollen-Behrens said, "Many small businesses come to us feeling overwhelmed by what they have heard about GDPR, with most concerns around employee records, IT, marketing and outsourcing.
He said the SFA's publication provides a 12-point action plan for GDPR that uses only the minimum amount of jargon, is practical, shows opportunities as well as challenges and hopefully takes the fear element out of this new legislation.
"It focuses on the main challenges identified by businesses, namely understanding what legal basis applies to their data, making an inventory of data and gaining and documenting consent."