The General Data Protection Regulation Is Here To Stay

Written by Simon Morgan, HR Dept South East London and North Kent.

The General Data Protection Regulation is here to stay: Why it should still be at the forefront of your mind in 2019

In the first quarter of 2018, it seemed that the nation was in the grip of a GDPR-frenzy – you couldn’t read a trade magazine, attend a networking event, or even open your mail without being urged to make sure that your business was prepared. But then the May deadline for compliance came and went, and with it went the media furore. Yet when it comes to GDPR, out of sight should absolutely not be out of mind – it may no longer be grabbing the headlines, but compliance is just as important now for your business as it was back in May.

Here’s a reminder of why GDPR compliance still needs to be at the forefront of your mind in 2019.

  1. Brexit does not give businesses a ‘get out’ clause

No one knows what Brexit will mean for the country, but one thing that is for certain is that whatever happens, GDPR will still apply for the foreseeable future and, as such, your business will still be at risk of a fine should you commit a breach. Further, going forward, any business that has dealings with European citizens, whether direct or indirect, will have to protect their data as per EU rules.

  2. SMEs are not immune

Press coverage of data breaches tends to focus on the biggest businesses. Google, Facebook, Uber, British Airways etc have all hit the headlines in the last couple of years. But data breaches don’t only happen in large firms; nearly three-quarters (74%) of SMEs reported a data breach in 2015[1].

  3. The cost of non-compliance is HUGE

Much has been made of the eye-watering fines for non-compliance – up to €20m or 4% of the company’s annual turnover, whichever is higher. Although the highest fines will only be applied in the most serious cases, GDPR does significantly increase the levels of fines across the board: fines handed down from the Information Commissioner’s Office to UK companies in 2016 totalled £880,500; this figure would have been £69m had GDPR been applied[2].

  4. Customers expect you to protect their data

Of course, direct fines aren’t the only way that a business can be damaged following a data breach – loss of consumer and investor faith can be even more harmful to a firm. Research[3] found that 89% of SMEs who suffered a data breach said that it had had an impact on their reputation.

  5. GDPR compliance provides a real business benefit

It’s true! SMEs shouldn’t view GDPR-compliance as just another administrative burden. Yes, it does take some investment of both time and money, and the ‘stick’ of fines might make you nervous. But when GDPR is done properly, not only will you be safe from the fines and reputational damage you fear, but you’ll also benefit from more robust and reliable data handling, information security, compliance processes and contractual relationships. It will also enable you to conduct more focused marketing, knowing that your customer data is up to date and accurate.

Though the furore over GDPR has died down since its implementation, the importance of ensuring your SME complies has not diminished!

For help understanding what your business needs to do, come to one of our upcoming full day workshops to be run in North Kent by The HR Dept and Risk Evolves, specialists in risk management and cyber-security, starting in February!

For more details of the workshops, contact [email protected] or telephone him on 0345 634 9154.

[1] PwC, 2015 Information Security Breaches Survey, 2015

[2] NCC Group, 2017

[3] Hiscox, Small Business Reputation and the Cyber Risk, 2016