GDPR will become the law for firms across the EU in May 2018 and is set to impact the way in which SME’s manage and store their data.
TCC’s Group CEO, Joanne Smith commented on the upcoming implementation stating that small businesses may be surprised by the fines for non-compliance with the regulation. Customers could face penalties of up to 4% of their annual turnover or up to £20m. The regulation also puts greater emphasis the roles and responsibilities of controllers and processes that will have joint liability for any data protection breaches.
A recent YouGov survey found that only 29% of businesses are prepared for the implementation of GDPR next year, with 38% unware of the regulation, hence the importance for firms to research and identify the changes they will need to make over upcoming months in order to comply.
Joanne also stated that small firms may have to demonstrate that they have adequate controls and processes in place ahead of when GDPR comes into effect. This includes gaining consumer consent around the use of their data, so companies must act now to achieve this or allow customers to withdraw their consent if they wish to do so.
Certain misconceptions have arisen from people assuming that, due to Brexit, the regulation would not apply to the UK, but the implementation of GDPR is still set to go ahead as the UK will require an effective data protection regime in order for businesses to continue transferring data to EU member states.
Firms are urged to conduct a gap analysis now to identify any risks of data breaches or high-risk data processing activities associated with the business. In addition, businesses should involve their IT teams now so they can prepare for any changes to information storage systems.
If firms are still unsure of how they need to prepare ahead of the implementation next year, speak to our GDPR specialists today and take a look at our GDPR solutions to find out how we can help.