Print.IT Reseller - issue 51

01732 759725 18 GDPR The IDC report, 2018 Worldwide SMBs GDPR Ready (or Not) in Seven Countries examines the awareness, activity, and expectations of small businesses (10-99 employees) and midsize firms (100-999 employees) with regard to the European Union’s General Data Protection Regulation (GDPR). The GDPR, scheduled to take effect May 25, 2018, establishes strict requirements for the way that personal data must be governed and protected – including encryption and protection of anonymity. These requirements must be met for every citizen of the European Union, regardless of the geographic location of the company holding this information. Potential penalties for failing to meet these requirements are severe – up to 20 million Euro or 4 per cent of annual revenue for non-compliance – making this what should be a high priority issue for businesses of all sizes and locations. Investment towards GDPR is essential Last month the National Association of Local Councils (NALC) brought the financial strains facing local authorities in becoming compliant with GDPR into focus. Tim Waterton, Senior Director of UK Business at M-Files believes that local authorities concerned about their abilities to fund the changes needed to support GDPR, should not be deterred and instead capitalise on simple and affordable steps, which demonstrate that reasonable measures are being taken to become compliant. “The GDPR is a demanding piece of legislation that many organisations, particularly those in the public sector, are struggling to get to grips with,” he said. “The ongoing squeeze on public sector budgets won’t be helping this situation, but while some level of investment will be needed to support GDPR, this doesn’t need to be unduly expensive. It really boils down to sound data hygiene practices and there are some relatively simple and cost-effective actions that public sector organisations can take to close the compliance gap.” Waterton argues that creating a centralised personal data registry or information asset registry, allows you to understand what data exists within your systems, where it is located, who has access to it and who it is shared with. “Once you understand what data you have in your possession, you can then see how that information links to your different systems, processes, policies and procedures. That is the starting point for the transition to GDPR compliance.” www.m-files.com IDC finds varying degrees of GDPR awareness and preparation among global small and midsize businesses GDPR ready (or not) The January 2018 survey of more than 2,000 business owners, line of business leaders and IT leaders aware of or managing IT spending in seven countries found that less than half of European small and midsize businesses (SMBs) have taken steps to prepare for the pending GDPR. Among non-European SMBs, the share of prepared firms is significantly lower. “As SMBs around the world increasingly look to grow revenue by reaching out to new customers, the importance of global expansion increases,” said Raymond Boggs, Program Vice President, Small and Medium Business Research at IDC. “But so does the need for first-rate security and data protection, which is why GDPR compliance is important, not just to avoid fines, but to insure that vital customer information is secure and protected.” Despite the potential consequences of failing to comply with the GDPR, IDC’s survey found varying levels of awareness, planning, and preparation among SMBs. Key findings from the survey include the following: n A significant share of small businesses in Europe (over 20 per cent in the UK and Germany) indicate they are not aware of GDPR. For small businesses outside of Europe, about half are unaware. Midsize businesses show much greater awareness, 80-90 per cent, across geographies. n Independent of GDPR awareness, almost 44 per cent of European small businesses and 41 per cent of midsize businesses say they will need to take compliance action. For non-European SMBs, the percentages are 38 per cent for small businesses and 55 per cent for midsize businesses. One third of Europe SMBs and more than one half of non- European SMBs have no plans to comply. n Only 29 per cent of European small businesses and 41 per cent of midsize businesses have taken steps to prepare for GDPR. Among non-European SMBs, the share of prepared firms declines to 9 per cent among small businesses and 20 per cent of midsize businesses. “When looking at GDPR in Western Europe, adoption is moving ahead as expected. Bigger companies move faster than smaller companies and at a country level, Nordic countries are implementing GDPR faster than other Western European countries. GDPR compliance and implementation has been identified as the top security priority,” said Carla La Croce, Senior Research Analyst, European Industry Solutions, Customer Insights & Analysis. “Nevertheless, Western European companies are struggling to meet an imminent deadline, and this is more likely for small and medium companies. In addition, there are also misunderstandings and misconception issues that compromise on-time compliance,” La Croce added. Bigger companies move faster than smaller companies and at a country level, Nordic countries are implementing GDPR faster than other Western European countries www.idc.com