18 May 2018
The GDPR is rightly on the minds of every business, of all sizes. In recent GDPR headlines, big companies seem to feature quite heavily. After all, if anyone’s going to be hit with a fine of €20 million it’s going to be a behemoth enterprise who’s left the back door open (legislatively speaking).
However, small businesses should be equally aware of the repercussions of non-compliance. Not just because the legislators will be looking out for non-compliant businesses, but because losing 4% of annual turnover due to a significant data protection issue is likely to have a far greater impact on a small business than it will on a more resilient conglomerate.
Comply or die
It’s worrying that on 6 May 2018 the UK’s Institute of Directors (IoD) said that only six in every ten of its members will have been fully GDPR compliant come launch date. Meaning that should the other four get a knock on the door, trouble may very well ensue. There’s no room for leeway in the GDPR. It’s full compliance, or none at all.
Remembering that the IoD’s membership is around 70% SME, this is bad news for the UK’s small biz sector, many of whom are going into a regulatory maelstrom underprepared.
The consequences of non-compliance can be dire. Even beyond the fines, there are big considerations for SMEs. With the public so aware of how their data is used, stored and shared – particularly post-Facebook/Cambridge Analytica – publicly falling foul of the GDPR could cause severe harm to reputation. Losing trust these days is tantamount to losing trade. With SMEs in need of every bit of revenue and loyalty they can grasp, this is reason alone to get on the right side of the line.
But what about that financial picture? Yes, 4% is the much-touted figure, but in reality most experts agree that that kind of punishment will be relatively rare. Yet even if an SME avoids that kind of crippling figure, it will still be at risk of a financial penalty that could derail a quarter’s financial reporting, not to mention the ability to pay staff bonuses, recruit contingency staff or put growth plans into action.
The consequences of non-compliance
The reason so many SMEs are behind the curve with regard to being GDPR compliant stands to reason. A lot of small businesses run their operations without dedicated support staff in IT. So keeping track of legislation that can be quite technically nuanced can be both difficult and unduly time consuming. Likewise, SMEs are comparatively unlikely to hire a Data Protection Officer.
As such, it makes sense for SMEs to look at where they can acquire technology and services with GDPR compliance baked in. Any solution that comes pre-fitted with the latest security requirements will be hugely beneficial. Removing the onus on a one-man-band business (for instance) to think about being fully GDPR compliant when they’re just trying to keep their mailing list in step will eliminate the stress of trying to work it all out.
It’s also worth SMEs remembering that the ICO (Information Commissioner’s Office) is on the side of businesses. They’ve got specific advice for SMEs on their website right now to read over and act on.
One thing’s for sure: the GDPR has landed. Businesses’ approach to data now needs to be different, but with the right tools, advice and technology, there’s really no need to panic.
18 May 2018 | Jamie Ward
The views in this article are the personal views of the author and are not necessarily endorsed by Gamma.