While many UK-based SMEs might expect Brexit to exempt them from compliance, the Information Commissioner has confirmed that the EU General Data Protection Regulation (GDPR) will apply to the UK and has issued practical advice to help SMEs comply with the new regulation.
SMEs are not exempt from GDPR compliance
In a recent video, Information Commissioner Elizabeth Denham addressed boards and executives on the topic of the GDPR, saying: “If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.” While SMEs that process EU residents’ data are not exempt, the good news is that it could be easier to achieve compliance than it is for a large multinational.
What does the GDPR mean for SMEs?
Although small business owners may consider this just another administrative burden, ignoring the GDPR or getting it wrong could have costly repercussions: organisations found to be in breach of the Regulation face administrative fines of up to 4 per cent of their annual global turnover or €20 million – whichever is greater.
Businesses that take the time to properly prepare for and comply with the Regulation [..].