How can SMEs address their compliance concerns?

We’re living in an increasingly digital world – that much is sure. But as more and more of our everyday transactions take place online, businesses and individuals face an increased risk of fraud. At the same time, data breaches are becoming better targeted, as cyber attackers get more sophisticated with their tactics and methods.

The result is that businesses become subject to ever more stringent compliance regulations, as part of the fraud fightback. It’s fair enough – we all want our data and transactions to be protected. But for SMEs, meeting compliance rules can be something of a challenge – perhaps more so than it is for their bigger enterprise counterparts, who are likely to have dedicated IT resource and be better equipped with compliance policies.

Nevertheless, with SMEs subject to the same level of regulations as all other businesses, they’ve got no choice but to keep up and get themselves compliant.

Getting aligned with GDPR, PCI DSS and MiFID II

With regulations coming at businesses from what feels like all sides, it’s no wonder SMEs are concerned about making sure they’ve dotted the i’s and crossed the t’s when it comes to compliance. SMEs should start by working out which regulations apply to them, pinpointing potential compliance gaps in their own organisations and taking steps to get aligned.

The updated MiFID II (Markets in Financial Instruments Directive) came into play in January 2018. It demands several changes to business conduct for those in the financial services industry, including tightened rules around the recording and storing of conversations.

Meanwhile, the deadline for GDPR compliance is creeping up fast. By May 2018, any business that collects, processes or stores data on EU citizens must abide by a new set of regulations. Failure to do so could mean severe consequences – namely fines of 4% of annual turnover or up to €20 million (whichever is higher) – which would be crippling for many SMEs. The difference, perhaps, between continuing to be a viable business and not.

Along with these sits the PCI DSS (Payment Card Industry Data Security Standard), which is compulsory for any business that processes or stores payment card information – an area that is, by its very nature, a common target for fraud.

To learn more about the benefits of hosted telephony check out our buyer’s guide.

The benefits of hosted telephony solutions

To get themselves firmly on the road to compliance with all of the above, SMEs have got to get sharper when it comes to data and record keeping. One solution that will help with that is hosted telephony, which offers protection from the ongoing threat of phone fraud.

Hosted solutions are cloud based, meaning the infrastructure is no longer managed and maintained on premises by the customer, but instead delivered via an IP connection from the provider. They offer robust call recording and management systems, enabling SMEs to keep their call data secure and, in a welcome turn of events, better organised. They also make retrieving call records a doddle – something that will be particularly helpful when it comes to GDPR compliance, which gives individuals increased control over their own data, and requires businesses to have tighter management of data records and to be able to respond quickly after data breaches.

What’s more, hosted telephony solutions come with monitoring tools that can be used to alert users in real time if suspicious activity might affect them, making fraudulent activity less likely in the first place.

Make sure your suppliers are compliant

Even once SMEs have got their own systems in order, they must also be mindful of the suppliers and providers they’re using.

One of the trickier aspects of GDPR in particular is that it’s not just your business that’s required to be compliant – it’s your suppliers and providers too. There’ll be no shoulder shrugging or passing the buck if your provider is found to be non-compliant – the onus of accountability is on you as much as them. Now’s the time for SMEs to review the suppliers they’re working with and to ensure that they’re only working with the ones who are putting GDPR codes of conduct in place.

Compliance is daunting for SMEs, no doubt. But solutions like hosted telephony will ease the burden, keeping SMEs compliant and affording them the time to be more efficient in other ways.

9 March 2018 | Jamie Ward


The views in this article are the personal views of the author and are not necessarily endorsed by Gamma.