The heavy fines that can be imposed on companies that breach the new General Data Protection Regulation (GDPR) legislation could put small firms out of business, warns Entanet.
Darren Farnden, head of marketing at Entanet, has explained that the new regulations will mean even small businesses may have to spend time and effort focusing on data protection.
“Whatever your views on it, it’s about to take up a whole lot more of your time, even if you’re a sole trader,” said Farnden.
The new EU legislation is designed to ‘strengthen consumer protection and enhance trust and confidence in how personal data is used and managed’. It replaces the 1995 Data Protection Directive (from which the Data Protection Act was born) and covers how personal data is gathered, stored, shared, processed and used.
While it is not due to be enforced until 2018, the risk of massive financial penalties being imposed on companies that do not meet the new regulations will force the subject of data protection onto the boardroom agenda. Fines can be as much as four percent of revenues for the most serious breaches.
“You might consider this scaremongering but the truth is that the fines that’ll be levied for breaches are scary,” said Farnden.
“Operating on a tiered basis, you’ll be asked to cough up two percent of annual global revenue for not having the required records in order, not notifying the supervising authority and data subject (i.e. the person to whom the data relates) about a breach, or not conducting impact assessments.
“But this rises to four percent of turnover for violations relating to data security and consumer consent. For SMEs, these fines could mean the end of your business, full stop.”
Read Farnden’s full article on the subject at enta.net/opinion