Written by Simon Morgan, HR Dept South East London and North Kent.
The General Data Protection Regulation is here to stay: Why it should still be at the forefront of your mind in 2019
In the first quarter of 2018, it seemed that the nation was in the grip of a GDPR-frenzy – you couldn’t read a trade magazine, attend a networking event, or even open your mail without being urged to make sure that your business was prepared. But then the May deadline for compliance came and went, and with it went the media furore. Yet when it comes to GDPR, out of sight should absolutely not be out of mind – it may no longer be grabbing the headlines, but compliance is just as important now for your business as it was back in May.
Here’s a reminder of why GDPR compliance still needs to be at the forefront of your mind in 2019.
- Brexit does not give businesses a ‘get out’ clause
No one knows what Brexit will mean for the country, but one thing that is for certain is that whatever happens, GDPR will still apply for the foreseeable future and, as such, your business will still be at risk of a fine should you commit a breach. Further, going forward, any business that has dealings with European citizens, whether direct or indirect, will have to protect their data as per EU rules.
- SMEs are not immune
Press coverage of data breaches tends to focus on the biggest businesses. Google, Facebook, Uber, British Airways etc have all hit the headlines in the last couple of years. But data breaches don’t only happen in large firms; nearly three-quarters (74%) of SMEs reported a data breach in 2015[1].
- The cost of non-compliance is HUGE
Much has been made of the eye-watering fines for non-compliance – up to €20m or 4% of the company’s annual turnover, whichever is higher. Although the highest fines will only be applied in the most serious cases, GDPR does significantly increase the levels of fines across the board: fines handed down from the Information Commissioner’s Office to UK companies in 2016 totalled £880,500; this figure would have been £69m had GDPR been applied[2].
- Customers expect you to protect their data
Of course, direct fines aren’t the only way that a business can be damaged following a data breach – loss of consumer and investor faith can be even more harmful to a firm. Research[3] found that 89% of SMEs who suffered a data breach said that it had had an impact on their reputation.
- GDPR compliance provides a real business benefit
It’s true! SMEs shouldn’t view GDPR-compliance as just another administrative burden. Yes, it does take some investment of both time and money, and the ‘stick’ of fines might make you nervous. But when GDPR is done properly, not only will you be safe from the fines and reputational damage you fear, but you’ll also benefit from more robust and reliable data handling, information security, compliance processes and contractual relationships. It will also enable you to conduct more focused marketing, knowing that your customer data is up to date and accurate.
Though the furore over GDPR has died down since its implementation, the importance of ensuring your SME complies has not diminished!
For help understanding what your business needs to do, contact simon.morgan@hrdept.co.uk or telephone on 0345 634 9154.
[1] PwC, 2015 Information Security Breaches Survey, 2015
[2] NCC Group, 2017
[3] Hiscox, Small Business Reputation and the Cyber Risk, 2016
