Originally written by Chris Cook on Small Business
Despite the EU implementing strict rules around data protection last year, some SMEs haven’t made changes to be compliant, putting themselves at huge risk. One year on from GDPR, some small businesses are still exposed. Overlooking the regulation could have costly repercussions by way of hefty fines and reputational damage.
On May 25 2018, the EU made its biggest transformation of data protection legislation by introducing the General Data Protection Regulation (GDPR).
Although most businesses were making sure they were compliant in the months leading up to its enforcement, many businesses (including SMEs) weren’t GDPR-ready.
Small businesses may consider compliance with the Data Protection Act 2018 (“DPA”, which incorporates the GDPR in the UK) to be another administrative burden and assume that, because of their size, it might disappear if they keep their fingers crossed and ignore it. This isn’t the case; all businesses that process personal data are subject to the DPA.
Organisations found in breach of the DPA face administrative fines of up to 4pc of their annual global turnover or €20 million (whichever is greater).
GDPR one year on
Since the GDPR came into force, fines have been