There’s a scary reality for a bulk of the UK’s SME businesses. According to the Federation of Small Businesses, “a third of small businesses have not even started preparing for the GDPR, while a further third concede they are still in the early stages of preparations. Just 8 per cent of small businesses have completed their preparations for the regulation, which comes into force on 25 May.”
And time’s running out, quickly.
Most of us have suddenly, almost overnight, been inundated with “updated T&C” emails, or notifications when we log into our favourite platform or dashboard – all representative of organisations getting ready for a huge change in legislation on 25th May detailing how we, as businesses, are to store and use personal data. Being called “the largest overhaul of European data protection rules in 20 years,” GDPR legislates that EU citizens shall own data about themselves. It gives the EU citizen rights over their personal data, even if the organisation that holds that data is based outside of the EU.
Unfortunately, what may be holding a number of SMEs in the UK back from getting their houses in order, is simply a lack of understanding what GDPR means, and the process they need to follow, to get themselves ready for the changes in store. Unfortunately, contrary to what many smaller businesses believe, no smaller businesses will be exempt from the rules that come into play on 25 May 2018 – and many may be for a rude awakening, should they not be compliant to the new regulations. “All the more so given the potential penalties for GDPR failures: the Information Commissioner’s Office has the powers to fine businesses up to £500,000 for data protection failures, but under GDPR the maximum fine is €20m or 4 per cent of annual turnover,” says financial journalist and Forbes contributor, David Prosser.
He goes on to add that, “While it’s true that the legislation provides certain exemptions for SMEs with fewer than 250 employees, any business which carries out “processing” of “personal data” is caught by the basics of GDPR.”
So, to get yourself up to speed, and put the necessary practices in place before the legislation becomes set, why not catch up on our GDPR in 60 Seconds blog, here.