
There are fewer than six months before new General Data Protection Regulations (GDPR) take effect in the European Union (EU). These aim to strengthen the rights and protection of consumers in the EU. This means that all businesses need to prepare for the impact of more stringent data collection and storage processes.

GDPR starts May 25, 2018. This legislation affects all EU member states. Everyone will now have to follow the same laws for collecting, storing and using consumers' personal data.

Benefits of GDPR

There are two key benefits to the GDPR:

  1. Its goal is to give EU residents control over their personal information.
  2. It simplifies the regulatory environment for international businesses operating in the EU.

Everyone using the internet has privacy concerns. The GDPR addresses that for consumers. For businesses, the strict new legislation replaces 28 data protection laws in the EU with one set of regulations.

How does it affect small to medium enterprises?

The GDPR legislation applies to all organisations doing business in the EU. This includes small to medium enterprises (SMEs). No matter how big or small your business, you will have to follow the law. This is great news for consumers as it makes it more difficult for companies to misuse consumer personal data. And any breaches can see you fined.

There is some good news for SMEs. There are some exemptions. Under Article 30, the GDPR acknowledges SMEs are different to large corporations and public organisations. SMEs with fewer than 250 employees, not collecting a lot of personal consumer data, are exempt from:

  • hiring a full-time data protection officer
  • keeping formal records about company data processing methods
  • reporting minor data breaches as long as there is no risk to the rights of the people involved.

While SMEs have these exemptions, it is not a free pass to avoid the GDPR. The exemptions only recognise the working capacity of SMEs. You must comply with the new laws.

So, do you understand what the GDPR means to your business? Do you know what the business needs to do to prepare for the new legislation?

The key changes are to the rights of your data subjects (people you collect data about). You need to understand what this means to your business.

Data subjects – what are they?

These days every business collects information about its customers, such as contact information to store in a database. But businesses also collect information from people signing up for special offers and in all sorts of other ways. Then there are employee, supplier, bank and medical records. These are all stored in databases. All of these are data subjects: people about whom organisations collect, store and use data for business purposes.

A lot of the information organisations collect and store is sensitive and personal. The GDPR makes sure that all businesses do the right thing to protect the data they collect and store.

What changes under the GDPR?

There are three major changes under the new GDPR:

  • Accountability. The GDPR emphasises accountability. Your organisation will have to be able to prove its compliance with the data protection regulations.
  • Notification of data breaches. GDPR brings in new rules about reporting data breaches. This means reporting all breaches of personal information to the regulators within 72 hours. You will have to tell those affected when the breaches put them at high risk. SMEs are exempt from this if the breach is minor.
  • Consumer consent and privacy notices. The GDPR means businesses must get consent to use the data they collect from consumers. It also allows consumers to withdraw consent and to ask to see what information organisations store about them. The GDPR aims to give people back their right to privacy in a digital environment. This means businesses need to change their privacy notices. All privacy notices accessed by consumers need updating to reflect the GDPR changes.

Penalties for non-compliance

Do not make the mistake of thinking SMEs are exempt from fines for non-compliance with the GDPR. No one is exempt. You could face fines of up to €20,000,000 or 4 percent of your annual global turnover. GDPR is serious about protecting consumers' rights to privacy.

Act now!

What do you need to do to prepare for the GDPR? Act now! Some businesses need to do a lot of work overhauling data collection and storage systems to be ready in time. Others only need minor changes to databases and consent forms.

Hire someone with the knowledge to look at your systems and processes to ensure you are ready for the GDPR in 2018.

Do not get caught out. Now is the time to act and prepare.

Marc O'Dwyer

After completing a Graduate program in Marketing, Marc’s impressive sales career began at Allied Irish Banks, Pitney Bowes and Panasonic, where he received numerous Irish and European sales performance awards and consistently exceeded targets and expectations. In 1992, Marc’s entrepreneurial spirit led him to set up his own business, Irish International Sales (IIS). Initially, this company was a reseller for Take 5 Accounts and Payroll software. Within four years, IIS became the largest reseller of Take 5 in Ireland, acquiring four other Take 5 resellers. He also found time to set up two mobile phone shops under the Cellular World brand and a web design company offering website design services for small businesses. In 2001, he bought the majority share in a small Irish software business, Big Red Book. At that time, the company was losing money. The company became profitable within two months, and Marc then acquired a payroll company to complement Big Red Book's accounting products. In 2003, IIS were appointed as Channel Partners with SAP for their new SME product, SAP Business One. Marc sold his Take 5 business and concentrated on developing this new market for SAP. As a result, by 2007, IIS was recognised as the largest Channel Partner for SAP in EMEA (Europe, Middle East and Africa). In 2008, the IIS Sales Manager bought the company from Marc in an MBO. He launched Big Red Cloud, the online version of Big Red Book, in June 2012. To date, the company successfully converts 59% of trials into sales, and the number of customers is growing rapidly. Marc continues to run both Big Red Book and Big Red Cloud, which now support 75,000 businesses. He is a very keen sportsman, having played rugby for 20 years, represented Leinster at under 16 and under 20 levels, and played league squash with Fitzwilliam Lawn Tennis Club for 10 years. Marc has competed in 11 Marathons, including the London and Boston Marathons, and has completed several Triathlons and Half Ironman races.
He has also completed six Ironman Races in Austria (x2), Frankfurt (Germany), Nice (France), Mallorca (Spain) and Copenhagen (Denmark).