SMBs may be more likely than their enterprise counterparts to find GDPR compliance a challenge. Generally speaking, their focus on data security is not quite as strong as it is in larger organizations. Furthermore, they are often less likely to have internal resources to help them make sense of new regulations.
What is GDPR again?
GDPR stands for the General Data Protection Regulation; it is a regulation in European Union law on data protection and privacy for all individuals within the European Union (EU). GDPR also addresses the export of data outside of Europe, and applies to any business handling personal data of EU residents. The purpose of GDPR is to give EU residents control over their personal data and simplify data privacy regulation within the EU.
What are some key requirements of the regulation?
Compliance with GDPR includes obtaining consent for data collection and processing, designing systems with data privacy in mind, and letting individuals who ask know how their data is being used. In addition, organizations must remove this data from their possession in the event that an individual withdraws his or her consent for information use. Another requirement for companies handling personal data on EU residents is notifying these residents of a data breach within 72 hours.
So, how do SMBs view security?
SMBs consider information security pretty important, with 37% of U.S. SMBs ranking it a top business priority for the next three years, making it the second biggest priority out of 13 possible business priorities. While a similar percentage of enterprise customers consider document security a top goal (38%), this is actually the number one objective for this group. Enterprises are much less likely (25%) than their SMB counterparts (41%) to prioritize staying in business/being profitable, suggesting that security is more top of mind in the enterprise realm.
And how do SMB and enterprise resources compare?
While resources can be measured in different ways, Keypoint Intelligence-InfoTrends research shows that SMBs tend to have fewer internal resources in areas like IT. This can make interpreting GDPR a particular challenge, especially considering that secure IT systems are a crucial component of ensuring GDPR compliance. The good news is that trusted third parties (e.g., office equipment providers) can provide expert guidance in this area.
The new GDPR regulation is in effect, and SMBs may find it particularly challenging to make sense of its components as well as to achieve compliance. Compared to enterprises, these entities treat information security as a somewhat lower priority; furthermore, in many cases SMBs have fewer in-house resources to assess the sufficiency of their IT environments for GDPR compliance. Seeking help from a trusted IT provider may be a good option for SMBs falling into this category.