by Maricar Tuazon
SME struggles as data protection regulations evolve
Back in the run up to May 2018 when the GDPR came into force, every company panicked. Since then it has been 3 years and one might think that most businesses and organisations have gotten a grasp of privacy or have already set out good data practices for their operations. That may be true to some extent, but professionally managed privacy programs come with long processes and high costs. Without dedicated DPO’s, privacy budgets and staffing most of these companies that struggle with new regulations and data privacy governance are small to medium sized firms.
‘I understand it’s about SME but what is in it for me?’
The European Commission shared the same opinion through its evaluation report regarding the success of the GDPR during its first 2 years. It expressed concerns on the challenges that SMEs (incl. start-ups, organisations and associations) are confronted because they struggle with new privacy regulations as well as the costs of unintended failure to comply. Most SMEs and similar entities are not to blame. In fact, it is important to highlight that they are the backbone of our economy as they represent 90% of businesses worldwide and are doing the best privacy job they can with the resources and tools available.
So, what is the real problem here?
SME’s privacy challenges are due to many different reasons such as lack of expertise, knowledge, perspective, budget, manpower and lack of technology. But the challenges that these kinds of businesses face further relates to the existing gap between understanding privacy regulations and applying it according to its operations. Having a DPO would for sure help, but what does this mean to those who do not have the required resources...
No DPO, No Problem!
Data protection is not a new topic, and new regulations just keep coming and coming. In this kind of game, it is usually big companies that can afford to cope with all these legal evolutions by e.g. having DPO or developing internal infrastructures. The evolution of data privacy regulations will undoubtedly push more demand on all forms of companies but it will be even more burdensome for SMEs.
Therefore, we are democratising privacy tech and offering solutions to manage data privacy efficiently and effectively for the SME. We think a key part of solving this problem is providing solutions that help and guide your program, not just document your records of processing. Privacy1 does this by providing easy and cost-effective software and advice that give you all the capabilities you need to manage your privacy program that are normally only included in the most expensive software , such as GAP identification and Program Governance tools that guide you to help identify the areas where you have most risk.
Democratising Privacy Tech, to help SME businesses
As we all strive to be better with privacy, there is no time for us to leave SMEs behind in these evolutions, whether in terms of privacy regulations or technology. In fact, we find that the answer here is for privacy technology vendors to shift their focus on helping businesses of all sizes (particularly SMEs) to manage privacy better and be able to have a privacy program, not just a ROPA. If you are managing privacy in an SME, our advice is don’t panic, there are solutions out there that can help you be better with personal data that don’t cost the earth, and can help increase your maturity level reduces the level of worry. And, if you are able to easily manage technology, processes and people in line with privacy standards you can more confident in using your privacy maturity to differentiate your business.
If you are interested in what Privacy1 can help your small business with, see download below