
GDPR and small businesses

Now the dust has settled from the introduction of GDPR in May 2018, Simon Parkinson, Managing Partner of HPA looks at the realities of the risk to small businesses.

I'm sure that after all of the pre-publicity regarding the General Data Protection Regulation (GDPR), following its launch on the 25th May 2018, many small business owners simply shrugged their shoulders and said to themselves "Nothing to see here - move on".

Well, I'm sorry folks, but the reality is no business can afford to be so complacent. Ignorance of the law is not a defence that will save you from the risk of prosecution and bad publicity should you be found in breach of the regulation. Whilst you are probably right that the Information Commissioner's Office (ICO) isn't especially interested in your business per se, consider this: there were 1124 complaints raised in the first month following implementation of the law. These are customers complaining about businesses, partly spurred on by the publicity surrounding GDPR.

Taking such a laissez-faire attitude to business risk just won't cut it in the digital age, whatever business you are in. So what are the risks to small businesses? Probably the biggest risk, and one that is applicable to all businesses, is data security. Managing data security is just one of the 99 clauses included in the GDPR, but it's the one that has the potential for the greatest negative impact for most small businesses. What's more, its impact goes beyond compliance with the law: a serious data breach can seriously damage your reputation and destroy the trust of your customers.

A lack of data security can also put your business operation at risk and cost you money. Not going to happen to you? Last year, according to technology giant Verizon, the average business received 7 cyber attacks per day, with around 40% of these being ransomware.

In a ransomware attack, cyber criminals hack into your computer systems and encrypt the data so you can't use it until you pay a ransom. This can end up costing you anything from a few thousand pounds to millions in ransom and consequential business losses.

So where do you start? Quite simply, by understanding the risks to your business presented by GDPR and wider data security issues. While the detail of GDPR and data security issues can be quite mind-boggling, the basic principles aren't.

If you do nothing else, get to grips with understanding these 3 things:

  1. What customer data do you hold and what do you do with it? You can then check if this complies with the 6 permitted uses of data defined by GDPR by visiting the ICO website.
  2. How do you store that data and how is it protected? This is where you really can't afford to be lax.
  3. What would you do if you had a data breach? Or a ransomware or other cyber attack? Boy scout mantra: be prepared.

If you do these three things, and act upon them if things don't stack up, you'll be well on your way to compliance with GDPR and will have taken a big step towards minimising business risk.

HPA helps companies to implement and maximise the benefits from ISO Management System standards. To find out more about how implementing management systems can help build trust and grow your business, please contact us or call 01477 549 116.




About the author

Simon Parkinson

Simon Parkinson is Managing Partner of HPA and has over 20 years' experience of helping companies achieve ISO management system certification.
