As GDPR approaches, many small business owners are burying their heads in the sand. According to recent research by the FSB, 33% of small businesses have not even started preparing for GDPR, while 35% are in the early stages and just 8% have completed preparations.
Some businesses think the new regulation won’t apply to them. Some think they can wait until the May deadline to take action. Some even think that GDPR won’t happen. They’re wrong. GDPR applies to any organisation that processes Personal Data for citizens of EU member states, whether that company is based in the EU or not.
Companies must be able to demonstrate where their Personal Data came from, how they process it, and their legal basis for doing so. They must also meet strict guidelines for reporting data breaches and develop processes for giving customers the right to be forgotten, among other regulations.
Ignorance isn’t an excuse. Organisations must take steps towards compliance, or risk heavy fines. Come May 25, the ICO’s new fine structure will take effect, meaning companies that fail to comply with GDPR could attract penalties of €20M or 4% of global turnover, whichever is greater.
While the threat of fines is real, common sense suggests that the ICO will exercise some leniency in the beginning. Large, high-profile companies are obvious targets and may be used to set an example. But don’t be surprised if the ICO also singles out some smaller businesses.
Either way, it’s time to take action. And not just to avoid fines – GDPR is a good thing, not just for EU citizens but also for organisations, which are forced into cleansing their data and communicating in more considerate, ethical ways. This makes for happier customers and more efficient businesses.
GDPR doesn’t need to be complicated, especially for small businesses. By now, we’ve all seen the ICO’s 12-step process for compliance and that’s a great place to start – visit the ICO website for full details.
At Salpo, we’ve developed manual and automated compliance tools to address most of these steps and guide you through the compliance process. See our GDPR page for details and watch our webinar page for upcoming demos.