The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, with the purpose of protecting how the personal data of European Union citizens is processed. All companies, including those not established in the EU, have to comply with GDPR if they process the personal data of European Union citizens.
The regulation was meant to increase the protection of consumers and to address the personal data about them that is being gathered at an extraordinary pace nowadays. GDPR caused headaches for many companies all over the world, mainly because it required data audits (and effectively an overhaul of internal processes), and many firms failed to fully comply with it. For example, very soon after GDPR was implemented, Google got a €50 million fine for the lack of consent for their advertisements in France.
Furthermore, other widely known companies were punished for not being fully compliant with this regulation. Organizations like Marriott and British Airways got fines of €109 million and €202 million respectively. In general, firms that are not GDPR compliant can get a fine of up to €20 million or 4% of their annual revenue, whichever is greater.
However, do not assume that only large-sized companies get penalized for not being compliant: SMEs can also face serious consequences for not being up to date with the most recent changes in the law.
In reality, the majority of small businesses are not compliant with this legislation, even though it was implemented almost 1.5 years ago.
SMEs generally have a limited budget, which could explain part of the lack of compliance. Another likely reason is that GDPR requires continuous effort: compliance is not achieved once and then finished.
All things considered, it is safe to say that compliance with GDPR is not an easy task, given all the areas of the company it touches.
For instance, every business that has a website must know what type of personal data is processed on that site. Furthermore, all consent forms have to be clear and specific, which means the company's web design has to be adjusted in order to be compliant with GDPR.
Besides that, any company that handles payments from its consumers, online or in person, must have a system that protects their financial information. In this area, the right merchant account provider could help with compliance.
Once data audits are carried out and new, GDPR-compliant processes are in place, it is up to employees to maintain and respect these processes. In particular, workers have to know how to report data breaches, and how to tell whether a given breach has to be reported at all, because not all breaches have to be notified to the supervisory authority.
Along with these, there are many more areas that every SME owner has to go through in order to ensure that their organization is GDPR compliant.
Therefore, Market Inspector created an infographic teaching you about the basics of this regulation, and it also provides a 10-step guide to ensure GDPR compliance for small businesses in 2020.