Small business owners are ill prepared for the regulation, with almost a quarter ( 22%) entirely unaware of it, according to research from Shred-it’s ‘Security Tracker’ study, conducted by Ipsos.

The online qualitative survey of 1,000 UK small business owners (with fewer than 100 employees) and 100 C-suite executives (businesses of over 250 employees) highlighted a disparity when it comes to readiness for and understanding of GDPR dependent on the size of businesses. While 97% of C-suite executives claimed to have a basic grasp of GDPR, this dropped to 78% for small business owners.

The research also highlighted a geographical disparity: London-based small businesses were more aware of GDPR than those in other regions – only 12% of respondents in the capital stated they were not at all familiar with it, compared to 30% in the Midlands, 23% in the North of England, 20% in Scotland and 17% in Wales.

Smaller firms are also less likely to have a policy to cover how confidential documents are handled ( 45%, compared to 95% of larger businesses). Additionally, a third of small business owners ( 35%) said they did not have a policy or process in place around the disposal of paper documents.  

Neil Percy, vice-president of market development and integration EMEA, Shred-it, said: "In the lead up to 25 May and beyond, it’s crucial that organisations of all sizes begin to take a proactive approach in preparing for GDPR. To see so few firms aware of the regulations right on the eve of enforcement beginning is alarming to say the least.

"Companies need to audit their current data flows and assess where confidential information may be at risk, either in digital or physical form, and take steps to restrict accessibility and delete or, if in physical format, securely destroy it when necessary."

The fieldwork was conducted between 9-23 April 2018.

Research published by Capgemini last week suggested that 85% of companies in Europe and the US are unlikely to be GDPR compliant in time to meet the 25 May deadline.