[BreachExchange] Is GDPR Good For SME Data?

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 3 18:56:50 EDT 2018


https://www.cybersecurityintelligence.com/blog/is-gdpr-good-for-sme-
data-3507.html

Small and midsize businesses face a unique set of challenges when
addressing compliance with the EU’s General Data Protection Regulation.

In many ways they’re under more pressure than larger firms because
resources are usually limited, making penalties for noncompliance
potentially disastrous. Allocating enough money to overhaul content
procedures can limit opportunities for short term growth.

In fact, a recent survey of midsize European businesses revealed that a
quarter of businesses completing their GDPR checklists are “cutting back in
other areas including plans to create innovative new products or to fuel
growth through international expansion.”

Apart from updating current data handling procedures, the GDPR also
instructs some companies to invest in a data protection officer and team to
manage any ongoing issues the law will raise.

>From data requests and employee training to continuous monitoring and
breach reporting protocols, it’s a lot to implement without putting some
sort of strain on revenues, production or both. As awareness of personal
data rights grows, consumers may choose to only do business with companies
that actively protect them. The GDPR is meant to empower the public, put
data back into the hands of their owners, and provide peace of mind. If a
company is unable to explain how it will cope with the GDPR or hasn’t
implemented a clear plan, customers may switch to the competition.

Churn is something all businesses experience, but it’s especially
detrimental to smaller organisations that rely on word-of-mouth referrals
and customer testimonials.

The GDPR is about empowering individuals with more control of their data,
which will turn the need to instill brand trust from a marketing message
into an essential part of business success. Presumably regulators will work
with SMEs who prove they’ve been proactive in their approach to data
security and to fulfilling GDPR requirements. However, organisations that
fail to comply may face penalties up to 4 percent of annual revenues,
regardless of size.

The Silver Lining
The GDPR will force some organisations to make changes in one way or
another, but there are some good reasons to welcome that. In fact, the
regulation should offer long term benefits to all companies that comply.

Aside from improving overall data security, businesses that rid their
repositories of redundant, obsolete or trivial (ROT) content can use the
relevant data that’s left to improve communication with leads and existing
customers, improving ROI. Cleaning repositories will also help SMBs reduce
data storage costs.

There is another upside to GDPR. It’s an opportunity to set your business
apart. Complying (or pursuing compliance) will obviously make companies
less vulnerable to cyber threats, but what about reputation? Reputations
take years to build and only moments to destroy. Consider how recent data
breaches (such as Uber and Facebook) have influenced public opinion.
Businesses that take GDPR seriously are putting customers first and the
success of a SMB is largely affected by brand confidence. People have an
overwhelming variety of options when it comes to where they spend their
money, so whether a SME flourishes, let alone stays in business, depends
heavily on customer satisfaction.
SMEs should use compliance as a tool to rise above the competition.

Not only does regulatory compliance help businesses retain users, it also
promotes company innovation, driving up demand. Modernised infrastructure,
improved data storage and better organisational systems can reveal useful
data patterns, helping businesses discover new trends.

This makes it easier for companies to launch new products. GDPR provides an
opportunity to overhaul obsolete systems, making them more efficient and
driving long term growth.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180703/e012369d/attachment.html>


More information about the BreachExchange mailing list