It is the hot topic of many news stories currently, and businesses are beginning to implement changes, with some hefty price tags. A recent report published by Parliament Street, examining the impact of GDPR on the central Government, discovered that the Department of Work & Pensions are spending nearly £15 million in preparation for the new regulation, which included provision for staff training, creation of an online portal for GDPR and tendering to GDPR specialists. The report also found that HM Treasury, The Department for Transport & The Ministry of Justice were expected to each spend between £200-£500k on their compliance.
Also, findings by consultants Ernst & Young showed that the world’s 500 biggest corporations are on track to spend a total of $7.8 billion to comply with GDPR.
So, should SMEs be panicking about the impending cost of GDPR?
Firstly, the key point is to weigh up the cost of compliance against the cost of non-compliance. The General Data Protection Regulation is coming, and if you process personal data of any kind, then you are subject to the changes in the law.
(It is also worth mentioning at this point that whilst the GDPR may seem like an unnecessary inconvenience, it is in fact a necessary adjustment which is designed to protect personal data. The current Data Protection Act simply does not have the bandwidth to cover data in our digital world. The recent problems Facebook have encountered serve as evidence of this: https://bit.ly/2HJCyFW.)
The cost of non-compliance could, in fact, be detrimental to an SME. Fines of up to 20 million euros or 4% of total worldwide annual turnover are not to be taken lightly.
The second point is that while we are bombarded with news articles suggesting that vast amounts of money are needed to ensure compliance (such as those above), this is not going to be necessary for most SMEs. There are also many GDPR consultants who will promise compliance for a substantial fee. (Again, not entirely necessary.)
What is a cost-effective approach to the GDPR?
For SMEs, the cost of GDPR compliance does not have to break the bank. The key is Privacy by Design, an approach to projects that promotes privacy and data protection compliance from the start. It ensures that data protection is no longer an afterthought.
With this in mind, your company will need to ensure that policies are introduced to protect data (both newly collected and historic). Also, the GDPR calls for records of processing activities, which provide a means of ensuring these policies are implemented daily.
Point Progress have worked tirelessly in recent months to design and provide a software solution which will take the pain away from these essential GDPR tasks, without the excessive costs.
The software, i-Comply-GDPR, provides step-by-step guidance and compliance measures, featuring:
· A GDPR Planner to work through getting compliant.
· Data audit tasks to help review how data is collected, held and used.
· A Policy Builder which can be published to your team.
· Policy templates to fast track your preparation.
· Data asset register, so you know what type of data you hold and where it is.
· Reminders and tasks to keep you on track with your policies.
· Ticketing system to manage everything including subject access requests.
· A full audit trail just in case you need it.
All of this, at a nominal cost. For more information see our website https://www.i-comply-gdpr.com