The General Data Protection Regulation (GDPR) puts the onus on businesses to respect consumer data rights. Individuals have the right to access data, to be forgotten, to be informed, and more. Big companies have invested heavily to re-engineer their operations and technology to get in line. It’s no wonder, since titans including Google, British Airways and H&M have been hit with hundreds of millions of euros in fines.
Meanwhile, smaller organizations lack the resources to adapt, and few have prioritized GDPR. But ignoring GDPR is no longer an option, even for smaller companies. The EU is imposing fines on smaller companies; professional bodies for real estate agents, accountants, attorneys and many more are making GDPR compliance a condition of licensure; and insurance companies are requiring GDPR compliance to write policies.
Comply or die
Can’t comply with GDPR? Then close your business. That’s the blunt message companies are hearing in 2021.
GDPR anxiety is setting off a scramble among smaller organizations to catch up. We know of realtors manually scouring file after file to find forbidden personal information. That’s expensive, tedious, unreliable and takes staff away from doing the jobs they were hired to do.
Of course, the EU is not trying to make small businesses shut down or force every employee to review old files all day. But ignorance of the law is no longer an acceptable excuse. Instead, organizations must make reasonable efforts to improve their processes and follow the rules. That means turning unfavorable findings, such as the presence of personally identifiable information (PII) on hard drives, into Key Performance Indicators (KPIs) that can be tracked and improved over time.
Let’s be reasonable
Companies need to perform vulnerability scans, create incident reports, develop methods to identify and remediate PII collection and storage issues, and train staff. Employees need to know whom to contact to report an incident or to receive guidance when they have a concern. Companies that take these steps and document continuing improvement can expect to be looked upon favorably by the regulators, and also by customers, licensing boards, and insurers.
Fundamental Cyber is dedicated to protecting companies and employees from cyber criminals and to enabling compliance with privacy and security regulations including GDPR and HIPAA. Our user-friendly, affordable software tools enable people to work safely at home or in the office. Learn the fundamentals at https://fundamentalcyber.com.