
GDPR Compliance: Does it apply to SMEs?


SMEs can often mistakenly dismiss the requirements of the GDPR legislation as something that is for “big tech” or large data-processing companies.

High-profile cases of breaches of GDPR regulations (AVG in the Netherlands) or data protection legislation can give the impression that action is only taken against high-profile companies.

In these cases, the volume of data compromised and the scale of the fines issued are often staggering.

An example of this is the recent findings by the UK’s Information Commissioner’s Office (ICO) against British Airways for GDPR infringements, which indicate that the personal data of approximately 500,000 customers was compromised and that a fine of £183.39 million is intended to be issued.

How do these high-profile GDPR cases relate to SMEs?

The GDPR is summarised in the Irish Data Protection Commission’s literature as a law that covers how information about a person (or persons) is used in some way by some other person or organisation.

In relation to how organisations protect their customers’ data, the ICO’s Information Commissioner, Elizabeth Denham, recently noted that “The law is clear – when you are entrusted with personal data you must look after it”.

So, it’s not only larger companies that have a responsibility for how they manage their customers’ data. The rules also apply to Small and Medium Enterprises (SMEs), eCommerce stores and possibly even your blogging site!

Fines for breaching GDPR regulations can rise to a maximum level of 4% of your worldwide turnover (from the previous year), something all businesses certainly want to avoid.

What can SMEs do to mitigate this?

Firstly, make sure your business doesn’t have its head in the sand! Understanding your obligations as an organisation is an absolute must.

We also consider it good practice for SMEs to develop and implement a simple, efficient and transparent process that lets you understand the data you retain and gives your customers a user-friendly means of requesting and accessing their data.

Being proactive in your approach to GDPR regulation can help you mitigate potential data breaches, and the accompanying fines, while also giving your customers the confidence to continue to trust your business with their data and continue to do business with you!

Find Out More…

For more useful GDPR (AVG) related topics and tips like this, and to be the first to hear about our GDPR Compliance Products, why not follow us on Twitter @seahorseData

