May 24, 2018
Neil McDonnell, Chief Executive of ISME, has appealed to data-protection organizations to be “instructive, instead of punitive”, towards SMEs (small and medium enterprises), with the May 25 launch date for the European Union’s General Data Protection Regulation (GDPR) approaching at the end of this week
Mr. McDonnell made reference to the reality that a latest survey indicates that many smaller companies are trying to get prepared for the requirements of GDPR. The survey, carried out by the Data Protection Commissioner’s (DPC) office shows that a lot of businesses are still not prepared for the new law.
Outcomes of the survey, conducted during April 2018, reveal the following figures:
- 44% of companies surveyed were not aware if they are required to employ a data-protection officer within the organization.
- 66% of companies surveyed know the fines for breaching GDPR.
- 45% of companies surveyed have finished a review of the private data that they store.
Generally, the survey is important since it indicates SME consciousness of GDPR has doubled up, to 90%, from the level it was at during 2017. In spite of this optimistic news, less than 33% of business leaders know the changes to the legal implications of storing confidential information. Though is a gigantic increase on 2017 (6%) it is still perturbing.
Fines for breaching GDPR will be enforceable from this Friday, May 25. The new EU law aims to systematize data protection rules across the common law European Union area. It’s applicable to businesses that are based in the EU and also businesses that operate or have customers within European Union Member States. The penalties for breaching GDPR can be as high as 4% of yearly global turnover or €20m, whichever amount is higher.
Mr. McDonnell stated that some help would be required to assist SME businesses to comply with the law. He said: “It can be done at negligible cost, with simple steps taken. But it does require time and effort, applying procedures”.
The ISME Chief Executive referred to the application of GDPR requirements as an easy job that needs to be treated with respect.