19 September 2017
Most of the conversation around the EU General Data Protection Regulation (GDPR) centres on the government and big business. But SMEs will feel the impact too.
With less than a year to prepare, it’s crucial to understand how the GDPR will affect SMEs and what needs to be done to ensure compliance…
Why big regulations matter for small businesses
Make no mistake, whatever the outcome of Brexit negotiations, it is all but guaranteed the UK will be adopting the GDPR on 25th May 2018. And when that happens, any business that collects, processes or stores personal data from EU-based individuals will be subject to much more stringent regulations, regardless of its size.
Front of mind for most will be the eye-watering fines organisations are liable to pay in the event of a data breach. A two-tiered penalty structure could see businesses fined up to 4% of annual turnover or €20 million, whichever is higher. For any small business, this could be a crushing blow. For many, it could spell the end.
Everyone is accountable
The GDPR distinguishes between the data ‘controllers’ who say how and why personal data is processed, and data ‘processors’ who act on the controllers’ behalf. Under the regulation, there is increased accountability for both in the event of a breach. SMEs must ensure that their own systems and operations are compliant, as well as those of their suppliers and providers.
Shorter notification time for breaches
It might seem like only the big boys have to worry about data breaches. But if you don’t want to be hit by those hefty fines, you need to have a proper notification process in place in the event of an attack.
Under the new rules, the relevant Data Protection Authority must be alerted within 72 hours of detection of a breach, and customers must be notified quickly if the breach poses a risk to their rights and freedoms.
Customers will have wide-ranging rights over their data
Not only will customers have to consent to the use of their data by businesses, they must be informed what that data will be used for. They will also be entitled to have inaccurate data corrected, or removed altogether. SMEs will need to provide the framework to facilitate this, or partner with a supplier that can.
Some of this stuff might seem like a lot to deal with. But you’ve got plenty of time to make the necessary changes. What’s more, the right supplier can help you achieve compliance with the regulatory regime. The key is to start now, before the GDPR is upon you.