The General Data Protection Regulation (GDPR) came into force on 25 May 2018, with the aim of protecting how European Union citizens’ data is processed. The regulation applies to all businesses, anywhere in the world, that process EU citizens’ personal information.
Since its implementation, GDPR has had an effect on many companies across multiple industries. For instance, on the first day that this regulation came into effect, a form was submitted by the French data regulator, which resulted in Google being fined €50 Million for the lack of consent on their Ads.
However, it did not stop there. More companies, including Marriott, British Airways and many other well-known organisations, were fined for non-compliance with this regulation. To this day, the sum of the biggest fines has exceeded the €360 Million mark. If a company is not fully compliant with GDPR, it runs the risk of a fine that can be as high as €20 Million or 4% of the business’s annual revenue, whichever is higher.
It is important to mention that not only large-sized enterprises are dealing with serious consequences for not being GDPR compliant, but also SMEs.
Moreover, GDPR is ongoing and requires continuous effort from firms in order to stay up to date with the newest changes in the law.
In fact, 96% of small business owners are not fully aware of GDPR compliance. Bearing in mind that smaller companies also have much more restricted budgets, it is quite obvious why so many SME owners struggle to be fully compliant with this regulation.
Compliance is not an easy task, mainly because this regulation requires many different areas across the company to be compliant.
For example, any business accepting payments from their customers — either through online portals or card machines — must ensure they have the relevant security measures in place to protect financial data. The right merchant account provider can help ensure compliance with this.
Additionally, any firm with a website must be aware of the type of data they process on it. It is also necessary to ask for consent clearly, which means that a business’s web design has to comply with GDPR by making the company’s privacy and cookie policies clear to the visitor.
Furthermore, businesses these days have to be prepared for data breaches. This means that employees have to be educated about the GDPR and need to know how to report data breaches. Alongside the aforementioned areas, there are more elements businesses have to go through in order to be fully compliant with this legislation.
For this reason, Market Inspector designed an infographic providing information about the most important aspects of this regulation. Besides that, the infographic includes a 10-step guide for small businesses to be GDPR compliant in 2020.
This article was provided by Germans Frolovs, Communication Assistant at Market Inspector