Back to news & views

GDPR & SMEs: Is it Time to Start Panicking Yet?

The countdown is well underway, and the ‘road to GDPR’ is now within walking distance. Large corporates like Coca Cola have privacy teams working around the clock to ensure compliance, but what about SMEs? Small and medium-sized enterprises represent 99% of all businesses in the EU, yet just one in four across UK and Ireland have started preparing for GDPR.

If your organisation is one of these, or simply looking for clearer direction, then this article is for you. Listed below are 5 steps to kick-start your journey towards compliance, and demonstrate your organisation is taking privacy seriously.

Assign a Directly Responsible Individual – Smaller organisations may be exempt from appointing a data protection officer, but giving an individual the responsibility and resources to educate themselves on GDPR requirements, and understand how it will impact your organisation, is key to success. Your office has a fire marshal, a first aider; now privacy needs some attention.

Educate yourself – GDPR includes a number of requirements, and it’s not just a tick box exercise, it’s a business process which requires ongoing attention. You need to consider: rights of data subjects, consent management, privacy impact assessments, and beyond. Tip: there are many free workshops and online resources out there to get informed!

Understand your business context – What role does personal data play in your organisation? You need to know what data you hold, where you hold it, and whether you actually need it. Tip: look up how the GDPR defines ‘personal data’ – it may be broader than you think!

Raise awareness within your organisation – How much do your employees know about privacy? A key concept within GDPR is ‘Privacy by Design’, which means from now on privacy needs to be considered in every business process. Educating your team ensures a sustainable approach to compliance.

Create a Roadmap – In reality, despite your best efforts, you may not be fully compliant when GDPR comes in to force. However, driving the business forwards with an agreed plan will help you get there, and demonstrate your business is taking GDPR seriously. Tip: Several tools exist to help automate many of your GDPR obligations; they will save you time and help ensure compliance.

You may not (yet) be an expert in GDPR, but now you know where to begin. All the resources and tools are out there, meaning there’s no excuse to put off your privacy preparations any longer!