Small businesses processing personal data need to review their existing processes and frameworks to incorporate into their practices the new set of GDPR rules.
For example, if a company relies on outsourced data processing or storage, it’ll probably need to put in place more robust measures to prevent data breaches. Such move may force the company to an additional investment in cyber-security solutions or even changing of service providers.
Probably, there are no many small business owners thrilled with having to comply with the new data protection law, nevertheless, in doing so, they are producing positive change that ultimately translates in a more efficient, productive and profitable business.
Small companies should be well aware of the GDPR content. Going through all the Chapters, Articles and Recitals is probably the easiest way to get familiar with the law – Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals.
After this, they should start auditing their organisation to implement the necessary changes according to the directives.
It is also essential to document each step taken, so if a breach does happen (and believe me, they happen!), proper evidence of compliance can be given. The Information Commissioner’s Office (ICO) offers a comprehensive Guide to the GDPR. However, professional advice should always be sought in case of doubts.