A recent article published by Info Security identified that most small businesses have still not updated or reviewed their data security and privacy policies since GDPR came into force.
Many small businesses continue to ignore the financial and reputational risks of failing to comply with GDPR, perhaps due to relatively few businesses being charged in the initial months after the regulation was implemented. However, regulators are now beginning to actively clamp down on misuses of data.
An unnamed German social media platform was recently fined €20,000 for failing to prevent a breach that compromised the personal information of 330,000 users. An Austrian entrepreneur was also fined €4,800 for failing to sufficiently mark a surveillance camera outside his building. Google was even fined €50 million for giving users vague consent agreements when obtaining and processing their data.
These fines demonstrate that failing to comply with GDPR will increasingly carry financial consequences, yet it is also the reputational damage that comes with these fines which will affect a business’s ability to survive. We live in an ever more globalised and competitive world, and maintaining customer loyalty is more important now than ever before, especially for small and medium-sized enterprises (SMEs). Betraying customer trust by mishandling their data can cause irreparable reputational damage and make a business go under.
The good news is that remaining compliant with GDPR rules should be easier than becoming compliant in the first place, especially if your business is well prepared. The best thing to do is to develop policies, procedures, compliance measures, external controls and, above all else, document them. By recording your approach to data protection and the working processes you implement to validate it, you will be complying with GDPR.
Your policies and procedures should cover which data you actually need, how you collect, process and store it, how long you will hold onto it and how you will dispose of it once it is no longer of use. You should also implement procedures to facilitate the disposal of personal data should individuals request it, as ‘the right to be forgotten’ is one of the founding pillars of GDPR.
It is also fundamental that your staff are trained and made aware of their responsibilities regarding the GDPR requirements. We recommend your staff attend awareness courses to ensure they are up to date and aware of the rules and regulations.
How we can help
Shredall SDS Group has helped dozens of small businesses comply with GDPR standards by providing our total information management expertise. For instance, we can help you organise and store your paper documents in our secure vaults to ensure any data you collect is safe from accidental destruction or theft.
We can also help you digitise your documents with our scanning service, allowing you to view and retrieve the data you hold more easily. However, before scanning your documents we recommend that you cleanse all the data and dispose of any outdated or non-consensual data. Our shredding services are available both on-site and off-site, after which we will provide you with a certificate of destruction and a waste transfer note to complete your audit trail.
Get in touch with us to find out more about how we can help your business comply.