No matter how large or small your business might be, the thing about GDPR is that it is all-inclusive.
From the mechanic down the road to the largest financial institution in the country, every organisation needs to adhere to the new regulations.
This is despite many SMEs admitting that they are still unprepared, even though we are now less than a month away from GDPR implementation.
With the regulation coming into force on 25 May, the lack of both awareness and resource puts many SMEs in danger of falling foul of the new rules.
Research from the Federation of Small Businesses (FSB) has indicated that many companies will be cutting it close to being ready on that date.
As recently as February 2018, the FSB found that 90 per cent of firms were still not fully prepared and hadn’t even begun work to become compliant.
Mike Cherry, FSB National Chairman, said:
“GDPR is the biggest shake-up in data protection to date and many small businesses will be concerned that the changes will be too much to handle.
“It’s clear that a large part of the small business community is still unaware of the steps that they need to take to comply and may be left playing catch-up.”
Many companies, which are now facing the largest overhaul they will have ever experienced, are relying on partners, agencies and law firms for GDPR guidance.
This is, of course, a great way to kick-start the process, though it’s important that businesses still have internal staff who can take charge and ownership of compliance.
Although larger companies are able to employ people for this specific role, smaller businesses will rely on everyone to act, as well as needing key members and influencers.
This means, therefore, that those key influencers need to understand data management: where data is held and who is responsible for it.
Before GDPR is implemented, every piece of personal information held by a business needs to be identified, whether on a mobile device or in the cloud.
It’s also important to look hard at your security measures and policies, and you’ll need to update every one that falls short.
Broad use of encryption, for instance, is a good way to reduce the likelihood of a big penalty in the event of a breach.
If a breach does happen, you’ll need to ensure that staff report it within 72 hours and that everyone in the business understands what constitutes a personal data breach.
Another area that small businesses will have to look at is whether their suppliers are GDPR compliant.
Ensuring that suppliers and contractors are compliant reduces the risk of being impacted by a data breach and will alleviate any consequent fines and claims.
Companies could check this by getting contractors to complete a form that confirms any security measures that they might have in place.
You can find out more about GDPR fines here.