Pros and Cons of GDPR

Pros and Cons of GDPR for SMEs – How GDPR will affect SMEs

GDPR is currently a main talking point amongst businesses, and in this article we explore the pros and cons of GDPR for SMEs.

The two central objectives of GDPR are:

1) Give citizens and residents back control of their personal data; and

2) Simplify the regulatory environment for international business by unifying the regulation within the EU.

For those with more than 250 employees, more detailed records need to be kept.

Those companies with fewer than 250 employees are required to hold internal records of processing activities if the processing of data could risk an individual’s rights or freedoms, or if it pertains to criminal activity.

These records should include the name and details of your organisation, the name of your assigned data protection officer, the reasons for processing the data, a description of the categories of data being processed, details on the recipients of the data, how long it will be retained, details on transfers outside of the EU, and an overview of the security measures your organisation has put in place.

The new law came into force on 25 May 2018 across the entirety of the EU. Even though the UK is planning to leave the bloc in 2019, the regulations apply to any company that will handle EU residents’ data, specifying what type of data a business may collect and how it should be stored and used. For the vast majority of UK businesses, this means them too. What’s more, the UK has already set out its own data protection overhauls that essentially mirror those to be applied in the EU.

The new GDPR rule established by the European Union will have some positive impact; it will mean that data protection will become a market differentiator. This would mean that customers expect to be able to trust the business or organisation with the personal information or data that is being shared with them. Companies are more likely to take this seriously as the implications of a data breach will be severe.

For SMEs with fewer than 250 employees, where business involves a certain level of personal relationship, the opportunity to communicate with customers and tell them exactly how the data collected from them will be used and how it will be safeguarded is a way of sustaining the relationship.


Under GDPR, data subjects are entitled to an awful lot more information about who has access to their data, why, and how long it is held.

Consent: businesses will need an individual’s consent before accessing their data. Initially, companies will only need to ask once. Businesses will need separate permission for different things such as marketing and fraud checks. Documentation is stricter, and businesses will be required to record when consent is given. This would mean that, for the customer, consent would be “clear”. It will be important for businesses to remain prepared for breaches by constantly updating software to meet the highest security standards.


Businesses may have to employ a data protection officer, which would add to the cost of running the business. It is important to note that failure to comply with GDPR will lead to heavier punishment than ever before, with a fine of 4% of your annual revenue.

Working with GDPR-compliant suppliers and contractors will reduce the risk of being impacted by a data breach, and any consequent fines and claims. Seek professional help and advice if you need assistance with compliance. Contact us today to see how we can assist you.
