SMEs and GDPR...Benefits, exemptions and why Irish businesses need to prepare


Harry Leech

Stock image
Stock image

The GDPR will become law in May 2018 and will be the biggest change in data protection rules to occur in Ireland.

GDPR & SMEs 

The new data protection laws in the General Data Protection Regulation (GDPR) are applicable to organisations of all sizes, including Small & Medium Enterprises (SMEs), but many small businesses have not begun preparing for this comprehensive piece of legislation.

Although SMEs will be subject to many of the same rules as larger organisations, and will have nowhere to hide if they are wilfully negligent with consumers private data, there are some very tangible benefits to the new regulations, as well as some exemptions by the EU for smaller businesses. 

Benefits for SMEs

While it might be easy to dismiss the new regulations as 'more bureaucracy from the EU', the new regulations will offer SME exporters a significant boost. 

The new GDPR essentially means that, instead of having 28 different laws relation to data protection, there is now one comprehensive rule that applies to all EU states. This should help to cut costs and red tape for Irish SME's exporting within the EU, and may help smaller exporters break into new markets. 

It also means that EU citizens can have trust that how the data supplied to an Irish company is treated is exactly the same as it is to a company in their own country, and they have the same protections under the law everywhere in the EU. 

Exemptions for SMEs

According to the European Commission, there are also a number of areas where SME's will be given some exemptions from aspects of the new regulation. 

 

* Unless the SME is processing large amounts of data, or their core activity involves processing special categories of personal data (such as that revealing racial or ethnic origin or religious beliefs as one example) then SME's do not have to appoint a full-time data protection officer. 

* SME's are not required to keep records of processing data unless it is a regular activity or likely to result in a risk for the rights and freedoms of data subject

* In the case of minor data breaches and where the breach does not represent a high risk for the rights or freedoms of a consumer, SME's are not obliged to report all data breaches to individuals.

 

This is just a snippet of the information on the biggest single change to how business is done since the introduction of Health & Safety legislation – for the comprehensive view of how the GDPR affects your business and what you need to do in order to  comply, book your ticket for the DataSec conference here. 

The event will provide expert speakers, information and insight to help your business comply with GDPR and get the most out of the new legislation.

The DataSec 2017 conference takes place on May 3 in the RDS in Dublin.