GDPR one year on: make sure your small business is compliant

More than a year has passed since the GDPR came into force, and some small businesses are still exposed. Overlooking the GDPR could have costly repercussions in the form of hefty fines and reputational damage.
Mon 30th Sep 2019

Many small businesses think that if they just ignore the EU’s GDPR, it will go away. SA Law Head of Employment & Data Protection Chris Cook shares vital tips for SMEs that haven't done anything to abide by the GDPR, and explains how they can start going about this task.

On May 25 2018, the EU made its biggest transformation of data protection legislation with the introduction of the General Data Protection Regulation (GDPR).

Although most businesses were making sure they were compliant in the months leading up to its enforcement, many businesses (including SMEs) weren’t GDPR-ready.

Small businesses may consider compliance with the Data Protection Act 2018 (“DPA”, which incorporates the GDPR in the UK) to be another administrative burden and hope that, because of their size, it might disappear if they keep their fingers crossed and ignore it. This isn’t the case; all businesses that process personal data are subject to the DPA.

Organisations found in breach of the DPA face administrative fines of up to 4% of their annual global turnover or €20 million (whichever is greater).

Read Chris’s full article for SmallBusiness.co.uk here.