As a business owner, you might be cynical about GDPR and data protection, and given that every new bit of company legislation seems to come with associated compliance costs, it’s no surprise.
Every time the government tells us that we need to adhere to more rules and regulations, it seems that the compliance businesses benefit -with talk that if you don’t comply with GDPR, you’ll end up facing massive fines, which could sink your business, so you need to spend tens of thousands of pounds to make sure that doesn’t happen.
How much big business pays
Before GDPR became law, Price Waterhouse Coopers discovered that 68% of the companies it surveyed planned to spend between one and ten million to make sure they met the regulation’s requirements.
That’s quite a bit of money. And even though these were large businesses (over 500 employees with a large annual turnover), the costs still seem astronomical.
Maybe you’re a small transport business with 200 employees; it still seems you’d have to fork out an awful lot of money to become compliant.
Even smaller businesses might baulk at the potential cost of making sure they have everything in order. From the garage carrying out MOTs to the air conditioning company supplying local care homes, the costs to meet the GDPR’s requirement can be daunting.
What about security?
Let’s put it another way, however. How much do you pay for physical security? To protect your assets?
If you have a factory, you need to secure it, and you probably spend a lot on that.
Security for a physical building can be extremely costly because it usually doesn’t stop at putting a good lock on the gate.
You’ll probably hire a consultant to assess the risk. They’ll be doing a security audit, checking your offices, workshops, and other areas and providing a report that will highlight vulnerabilities that need to be taken care of.
They’ll provide advice on which type of lock to use where, how to make sure customers are safe when they visit your premises, where to install CCTV, what activities on-site need to be protected, and so on.
There will also be specific compliance requirements from a legal perspective for physical access to some sites, which are also covered by legislation.
And, of course, there will be legal costs and insurance to consider.
Although nobody wants to be spending money on these things, everyone understands that we live in a world where they are necessary. We can’t simply leave the factory gates open at night and rely on people’s goodwill to not enter and run off with an expensive piece of machinery.
GDPR is security – for your data
The world has changed, and data security and preventing harm to individuals is as, if not more, important as physical security.
So much information is stored on a computer these days, and it’s information that can be used in many criminal ways; therefore, if you happen to store that data, you need to take care of it.
What’s more, GDPR doesn’t just protect a user’s data, such as what you can keep, how long you can keep it and what you can do with it; the legislation makes it clear what steps you need to carry out should that data go missing, or be misused in some way.
If a customer’s car was stolen from your garage, would you try to keep it a secret? Of course not; there’s no way you could.
What if someone took their data?
A factory can have locks on all doors, security guards and dogs checking that if anyone walks by, they know they will face a challenge if they want to get in.
What about your data?
An insecure network doesn’t appeal to passers-by but it’s open to people worldwide, and it’s shocking how many of them would love to get access.
Data breaches cost money, and the risks of not taking the risk of one happening seriously far outweigh the costs of making sure you’re prepared in the event it happens to you.
GDPR costs don’t need to be prohibitive
It’s important to realise that GDPR wasn’t meant to sink companies who couldn’t comply.
The measures a company needs to take to ensure they’re compliant are more like common sense, much like securing your premises.
Simple things like making sure employees don’t leave USB sticks lying about with customer data on them and having secure passwords are a simple start as well as ensuring your data protection policies are in place.
Knowing what data you have on your customers, and understanding the laws about processing that data, what you can do with it, and what to do if it goes missing are also steps in the right direction.
You can do a lot of this yourself. The ICO provides a lot of information for businesses that helps them make sure they comply with the legislation. .
However, this takes time to read and understand and you won’t be completely sure you are doing the right thing. An external qualified, experienced and professional consultant can take the pressure off and worry away and ensure you’re doing the right thing.
Get in touch
If you’re at all unsure whether your company is compliant with the GDPR and other data protection laws give us a call today or contact us via the site. That first call costs you nothing.