GDPR turns one – is your SME compliant?

Published on 26/08/2019 by Sonia Navarrete


On 25th May 2018, the General Data Protection Regulation (GDPR) came into effect, making it imperative for all firms that process the personal data of individuals in the EU to do more to protect that data, while also giving those individuals new rights over it. 

However, with the regulation now over a year old, there is evidence that many SMEs are still failing to carry out even basic elements of GDPR compliance, such as data protection impact assessments. 

Here, we look at where SMEs currently stand with GDPR and ask what more can be done to ensure compliance. 

Why GDPR matters

Before we look at what has happened over the past year, it is worth noting what is at stake for SMEs. Under GDPR, a business that suffers a data breach and is found not to have implemented appropriate data protection measures faces fines of up to €20 million or 4% of its annual global turnover, whichever is higher. Add to that the brand damage and loss of customer confidence that follow a large-scale data breach, and ensuring GDPR compliance could not be more important for firms of all sizes, because smaller firms are far less able to absorb the financial consequences.  

The fines have started

Over the past year, regulators in Europe have shown that they are ready to check who is following the law correctly and to fine those who are not. In the UK, for example, the Information Commissioner’s Office (ICO) has announced its intention to fine British Airways and Marriott International £183 million and £99 million respectively for recent data breaches. According to the International Association of Privacy Professionals, the first year of GDPR saw a total of €56 million in fines. While the headlines have focused on large enterprises, SMEs should be under no illusion that the regulators will not come for them. 

Are SMEs prepared?

According to one study, 30% of European firms lack confidence that their business is compliant. The same research found that 21% of mid-market businesses admit to having no cybersecurity strategy in place. 

Statistics like these suggest that, when it comes to GDPR, many businesses are sticking their heads in the sand and hoping they will go unnoticed by regulators and cybercriminals alike. For such firms, the risk of receiving fines for non-compliance is very high. 

GDPR compliance need not be complicated

The good news is that once a company accepts that it has no choice but to act on the GDPR rules, there are a number of solutions available. Such tools enable firms, for example, to carry out data protection impact assessments on new projects quickly, so that the work is GDPR compliant from day one. 

The challenge you may find is knowing which software package to choose. Different GDPR compliance software services come with different features, such as access control, compliance management, consent management and sensitive data identification, and knowing which of them will address your specific compliance shortfalls can be difficult. 

Make GDPR ‘year two’ a success

GDPR is now in full effect and momentum is gathering behind regulatory action, so if you have left your GDPR preparations this long, now really is the time to act. The regulation applies to SMEs just as it does to large enterprises. 

Fortunately, the market has what you need to achieve compliance rapidly. Visit our GDPR compliance software list to search over 125 available solutions today and take a step closer to compliance. 
