Many small businesses think that if they ignore the EU’s GDPR regulations, the regulations will simply go away. SA Law Head of Employment & Data Protection Chris Cook shares vital tips for SMEs that haven't done anything to comply with GDPR, and explains how they can start going about this task.
On May 25 2018, the EU made its biggest transformation of data protection legislation with the introduction of the General Data Protection Regulation (GDPR).
Although most businesses were making sure they were compliant in the months leading up to its enforcement, many businesses (including SMEs) weren’t GDPR-ready.
Small businesses may consider compliance with the Data Protection Act 2018 (“DPA”, which incorporates the GDPR in the UK) to be another administrative burden and may hope that, because of their size, it will disappear if they keep their fingers crossed and ignore it. This isn’t the case; all businesses that process personal data are subject to the DPA.
Organisations found in breach of the DPA face administrative fines of up to 4% of their annual global turnover or €20 million (whichever is greater).