There is growing concern that many small businesses are not properly prepared for the introduction of the EU General Data Protection Regulation (GDPR) in just a few months.
In fact, there could well be enterprises still either oblivious to its impact or operating under the mistaken belief that it doesn’t apply to them.
You can’t hide from new data laws
In a nutshell, the new legislation impacts on all businesses that hold personal information of any sort on EU citizens. There can be few UK SMEs that are 100% immune, not least as so many buy from abroad.
Changes to remain IT compliant
The GDPR requires some rapid rethinking of your IT systems. For one thing, you will need to encrypt all personal data you hold on your customers, staff and suppliers.
It also places the spotlight even more firmly on how you gather, store and use customer data, and on how you ultimately dispose of it. If you think existing data privacy laws make customer databases tricky, things are about to get even more complicated.
Being seen to manage data better
Every European business will need to have much clearer, more auditable data management procedures and controls. Even the way you share data across devices and different locations will come under increased scrutiny.
You will need to have clearly designated staff who can hold encryption keys, and procedures for when and why they can handle unencrypted data.
Greater consumer confidence
This is all designed to address the data security issues that have peppered national headlines and drastically reduced consumer confidence in the digital age.
Last year, 54,468,603 individual records were compromised in a series of data breaches. That’s a 475% increase on the year before.
Cost of compliance
For struggling SMEs, the new legislation may seem more of a threat than a positive step forwards.
However, the costs of securing improved IT support and better data handling systems need to be weighed against the option of trying to stay below the radar.
The GDPR takes data breach precautions to a whole new league, and non-compliance can result in fines of up to 20m Euros (or 4% of global turnover).
It means that after May 2018, data exposure due to cybercrime, mistakes or IT flaws can literally destroy companies (not just their reputation).
Also, not keeping up with the demands of the GDPR could have a negative commercial impact in other ways. Any larger companies you do business with are likely to be taking it seriously. One of the weakest points in data life cycles is when information is passed to a third party.
Your big clients will need to know that your cyber security and data handling abilities dovetail with theirs, or they may not want to risk doing business with you.
Where to go for help
Getting ready for the new data laws can start with an audit of your existing IT and the development of IT contingency plans.
If you handle data for a small business in Manchester and Cheshire, contact CARA Technology today to start your journey to GDPR compliance.