Many organisations that collect data online tend to be a quite lax when it comes to data protection, particularly small businesses (SME’s) and voluntary organisations. Up until now there was a very simple reason for this - there was never any major risk in not engaging with regulation as it was quite vague and generally unenforceable anyway. The same is not true anymore however. The General Data Protection Regulations will introduce specific consequences for non-compliance even if the error is an honest mistake.
Non-Compliance is Costly Under GDPR
The GDPR uses a tiered system for calculating fines which are specific to the infraction making it easier for the regulator to apply penalties. Serious infringements can now be up to €20 million or 4% of the global turnover of a company. On the lower end, fines of up to 2% of global revenue can apply to less serious breaches. These can be anything from simply poor data management to not notifying the regulator after a data breach so what you might consider an oversight before could now prove very costly.
In light of the GDPR release in May of this year, data security has clearly become a priority for government but it needs to be a priority for SME’s as well. If you are worried about what effects GDPR has on your business, well at least you have noticed the elephant in the room. It is a completely new way of treating data and most business models right now will not work unchanged under the new rules.
Small businesses need to focus on improving their data security practices and compliance practices if they want to survive. While this may seem like bureaucracy is coming down hard on business, in reality the regulation is on the side of citizens. So while yes, business owners will have to bear the brunt of this change, it does benefit all of us in the long term.