Is your SME ready for GDPR?

7th November, 2017

The countdown is on. In just over seven months’ time, the General Data Protection Regulation (GDPR) will come into force and this will have huge implications for businesses – of all sizes and in all countries – which handle the personal data of EU citizens.

Billed as the largest piece of privacy legislation for 20 years, the GDPR isn’t merely a directive, but EU legislation enshrined in law. It has been designed to harmonise different laws to protect individuals’ privacy, giving consumers greater control and rights over their personal data. Individuals can request that businesses delete their information by exercising their “right to be forgotten”. As such, there will be much stricter rules around consent, notification of data breaches, mandatory privacy impact assessments, and the requirement for “privacy by design and by default”.

Failure to comply with the new regulation isn’t worth considering. Businesses could be hit with fines of up to four percent of annual worldwide turnover, or 20 million euros – whichever is greater.

Large corporates may be able to foot the bill, but such a sum could cripple a small or medium business. So it’s a surprise that only one in five of all European companies are prepared for the new legislation. The figure is probably lower still for companies that are based outside the EU but still handle EU citizens’ data. What’s more, 52% don’t know the impact the GDPR will have on their organisations. For small businesses, this figure rises to 55%.

This year, European Cyber Security Month is the perfect time for businesses to get GDPR-ready. It may seem like a daunting task, but there are a few steps businesses can take to ensure they are prepared:

  1. Establish and assess how you deal with data

A thorough understanding of how your organisation deals with data is paramount. Under current rules, only data controllers are liable for compliance, but the GDPR obligations will fall on data processors too. It is therefore important to establish whether your organisation is a data processor or a data controller, bearing in mind it could be both.

Knowing where data are stored, how secure that location is, and whether those data are being shared will be critical come May 2018.

  2. Learn from the past

To check your capabilities in terms of reacting to a future attack, examine what has happened during past breaches and question whether the steps taken are capable of meeting the new requirements set by the GDPR. Under the new rules, breaches will need to be reported within 72 hours, together with information about the severity of the attack. If your company is unable to do so, that shortcoming may result in a hefty fine.

  3. Appoint a data protection officer

This may be simple advice for a company with lots of money, but the added expense makes it off-putting for smaller businesses. However, it’s not as off-putting as being fined four percent of your revenue, and it might not need to be a full-time responsibility.

The data protection officer acts independently and, reporting to the highest level of management, should help implement the requirements. Allocating further resources sooner rather than later will ensure your company is not only compliant but is equipped to deal with any data breach and mitigate the possibility of being fined.

  4. Educate your staff, and yourself, on the rules

One of GDPR’s main aims is to strengthen the ability for people to be forgotten and have their data deleted. Companies will also have to gain “clear affirmative action” from individuals before processing their data. The rules also make it harder for children to hand over their data. Knowing how the rules change your organisation’s handling of consent, and the rights of individuals, is imperative.

  5. Know your lead supervisory authority

The authority that handles any complaint against your company depends on where your company is based, not on the location of the individual raising the complaint. This can be difficult for companies that operate internationally, or even have multiple sites in different regions. There are also other directives in different countries that may go further than GDPR and that also need to be considered. You can read advice from the EU on finding your lead supervisory authority here.

With just eight months to go until the GDPR comes into force, businesses need to understand the GDPR fully and the steps they need to take to be compliant. The saying “By failing to prepare, you are preparing to fail” couldn’t be more applicable in this case. Take action now before it’s too late.

For more information on the General Data Protection Regulation, please visit the ESET dedicated page to help ensure that when the time comes, you have everything covered.

Posted by Urban Schrott, ESET Ireland, October 2017