Building a business is hard work. To lose it all as a result of a data breach would be devastating.
Unfortunately, we recently learned of an SME that found itself in this situation. Facing the threat of legal prosecution following a data breach, the company had no other option than to close its doors for good.
With the new and extensive EU General Data Protection Regulation (GDPR) coming into force in May 2018, there is a real risk we could see more small companies folding, unable to face the litigation and fines following a breach.
What is at stake?
On 25th May 2018, GDPR will replace the current Data Protection Act in the UK. These new regulations have been designed to give individuals greater control over what happens to their personal data when in the hands of organisations or businesses.
All businesses and organisations that store, manage, or process the personal data of EU citizens will be expected to comply with the new legislation.
Under GDPR, businesses will be more accountable for personal data breaches and data loss. Failing to understand your responsibilities could see your company facing a fine of up to 4% of your global annual turnover, or €20,000,000, whichever is greater.
For SMEs, the ‘whichever is greater’ element of the new rules is the key phrase. It is easy to see how a smaller organisation would be unable to face this level of financial penalty, leaving it more vulnerable to collapse following a breach than larger companies that might be more able to weather the impact of a fine.
Alarmingly, the Zurich SME Risk Index has suggested that many of the UK’s SMEs may be non-compliant on the GDPR implementation deadline. This isn’t a risk businesses can afford to take.
What can you do?
With less than 2 months left to prepare for GDPR, there is no time to waste. If you don’t fully understand the issue, finding out how the new regulations will work and what they will mean for your business and industry should be your first priority.
It is likely you will need to update your IT and privacy policies to ensure you are compliant. It is also vital that you communicate the new regulations and any changes to your policies to your staff.
If you don’t have the time to fully investigate and prepare, the best option is to work with an experienced cybersecurity company with a thorough understanding of GDPR.
At Digital Pathways, we have the expertise to audit your current systems and identify which elements are already in line with GDPR and what needs to change. We can ensure your company is compliant and ready for these new digital security regulations.
Don’t let a data breach be the end for your business. Contact us today on 0844 586 0040 or email [email protected]