ISME Chief Executive says SMEs Require Help on GDPR

Chief Executive of Isme, Neil McDonnell, has pleaded with data-protection bodies to be “instructive, rather than punitive”, towards SMEs (small and medium enterprises), with the May 25 introduction date for the European Union’s General Data Protection Regulation (GDPR)  looming at the end of this week

Mr McDonnell made reference to the fact that a recent survey shows that many smaller firms are struggling to get ready for the requirements of GDPR. The survey, conducted by the Data Protection Commissioner’s (DPC) office indicates that many companies are still not ready for the new legislation.

Results of the survey, carried out during April 2018, reveal the following statistics:

  • 44% of firms surveyed were unaware if they are obliged to hire a data-protection officer within the organisation.
  • 66% of firms surveyed are aware of the penalties for breaching GDPR.
  • 45% of firms surveyed have completed a review of the personal data that they store.

Overall the survey is significant as it shows SME awareness of GDPR has doubled, to 90%, from the level it was at during 2017. Despite this positive news less than 33% of business leaders are aware of the amendments to the legal implications of storing private information. Though is a huge increase on 2017 (6%) it is still worrying.

Penalties for breaching GDPR will be enforceable from this Friday, May 25. The new EU legislation aims to standardize data protection laws across the common law EU area. It is applicable to companies that are based in the European Union and also companies that operate or have clients within EU Member States. The fines for violation GDPR can be as high as 4% of annual global turnover or €20m, whichever figure is higher.

Mr McDonnell said that some assistance would be needed to help SME companies comply with the legislation. He said: “It can be done at minimal cost, with simple measures taken. But it does need time and effort, implementing processes”.

The ISME Chief Executive referred to the implementation of GDPR requirements as a simple task that need to be treated with respect.