The 25th May 2018 is less than 4 weeks away,
and this is the date by which all companies must be compliant with the GDPR.
It is the hot topic of many news stories currently, and businesses
are beginning to implement changes, with some hefty price tags. A recent report
published by Parliament Street, examining the impact of GDPR on the central
Government, discovered that the Department of Work & Pensions are spending
nearly £15 million in preparation for the new regulation, which included provision
for staff training, creation of an online portal for GDPR and tendering to GDPR
specialists. The report also found that HM Treasury, The Department for
Transport & The Ministry of Justice were expected to each spend between
£200-£500k on their compliance.
Also, findings by consultants Ernst & Young showed
that the world’s 500 biggest corporations are on track to spend a total of $7.8
billion to comply with GDPR.
So, should SMEs be panicking about the impending cost of GDPR?
Firstly, the key point is to weigh up the cost of compliance
against the cost of non-compliance. The General Data Protection Regulation is
coming, and if you process personal data of any kind, then you are subject to
the changes in the law.
(It is also worth mentioning at this point that, whilst
the GDPR may seem like an unnecessary inconvenience, it is in fact a necessary adjustment
designed to protect personal data. The current Data Protection Act
simply does not have the bandwidth to cover data in our digital world. The recent
problems Facebook have encountered serve as evidence of this https://bit.ly/2HJCyFW).
The cost of non-compliance could, in fact, be detrimental
to an SME. Fines of up to 20 million euros or 4% of total worldwide annual
turnover are not to be taken lightly.
The second point is that, while we are bombarded with news
articles suggesting that vast amounts of money are needed to ensure compliance (such as those
above), this is not going to be necessary for most SMEs. There are also many GDPR
consultants who will promise compliance for a substantial fee. (Again, not
What is a cost-effective approach to the GDPR?
For SMEs, the cost of GDPR compliance does not have to
break the bank. The key is Privacy by
Design, an approach to projects that promotes privacy and
data protection compliance from the start. It ensures that data protection
is no longer an afterthought.
With this in mind, your company will need to ensure that
policies are introduced to protect data (both newly collected and historic). Also,
the GDPR calls for records of processing activities, which provide a means of
ensuring these policies are implemented daily.
Point Progress have worked tirelessly in recent months to
design and provide a software solution which will take the pain away from these
essential GDPR tasks, without the excessive costs.
The software, i-Comply-GDPR, provides step-by-step
guidance and compliance measures, featuring:
A GDPR Planner to work through getting
Data audit tasks to help review how data is collected, held and used.
A Policy Builder which can be published to your
Policy templates to fast track your preparation.
Data asset register, so you know what type of data you hold and where it is.
Reminders and tasks to keep you on track with
Ticketing system to manage everything including subject access requests.
A full audit trail just in case you need it.
All of this, at a nominal cost. For more information see our website https://www.i-comply-gdpr.com