In nine months’ time, the General Data Protection Regulation (GDPR) will replace the outdated Data Protection Act (DPA), creating a new data compliance framework that will transform the way businesses collect and store their data.

Under the current regulations, thousands of UK start-ups and small and medium-sized enterprises (SMEs) have collected and stored customer data, using it for everything from customer relationship management to direct marketing. However, the rise in new – and increasingly connected – technologies, along with the threat of cyber security and data breaches, means we are long overdue for a regulatory shakeup that will give more control to individuals over how their personal information is used.

What does GDPR mean for small businesses?

Several recent polls targeting smaller businesses and start-ups in the UK reveal a knowledge gap and ambiguity over how to prepare for the new legislation, with 86% of organisations worldwide concerned that a failure to adhere to the new legislation could have major negative effects on their business—and one in five fearing that non-compliance could be enough to put them out of business altogether. With fines as high as €20 million, or four per cent of turnover (whichever is higher), it’s no surprise that so many organisations are experiencing trepidation over the changes.

There’s no doubt that all businesses need to take GDPR seriously, but for SMEs who are potentially already short on resources or less equipped to manage any unintended consequences, the struggle is real. It’s important to note, however, that the regulations are not the same across the business spectrum.

Big businesses, with their in-house compliance teams and data frameworks, will be required to adhere to the full GDPR package. However, the EU recognises the huge amount of work that will go into making a business GDPR compliant. In order to reduce the burden on smaller organisations, Article 30 of GDPR declares that businesses with fewer than 250 employees will not be strictly bound by GDPR, although there are several provisos that mean they can’t ignore it altogether. Start-ups and SMEs will still be required to manage their data flows and processes to facilitate the free transfer of data between the member states of the EU and uphold the rights and freedoms of EU citizen to privacy.

However, it’s not all rules and regulations; there are several benefits to consider as a small business.

1. Less bureaucracy

As well as having to comply with less rigid protocols, small businesses and start-ups should see GDPR as an opportunity for growth. By their nature, SMEs are generally more nimble, malleable and adaptable than larger organisations, which are often weighed down by internal bureaucracy and complex compliance procedures. Start-ups that use data preferences for consumer services that are compliant with the new legislation will quickly discover its benefits and reap the rewards. SMEs that can effectively navigate the new legislation will be in a position to build a solid foundational data governance framework through which they can take full advantage of the opportunities presented by data in the digital era.

2. Innovation

Start-ups are renowned for being at the cutting edge of innovation and modernisation. When it comes to rethinking data, this ethos will put entrepreneurs and small businesses at an advantage over larger organisations. GDPR will provide SMEs with an opportunity to develop more inventive ways of engaging with customers within the guidelines of GDPR legislation.

3. Transparency and trust

A secondary benefit of being more open and transparent with customer data is that it has the potential to build more meaningful relationships with customers, assembled on strong foundations of trust. Consumers having a better understanding of how their data is even being collected and stored offers the potential to create a greater sense of security, which in turn will build customer confidence, offering the potential to impact brand advocacy, sales and the bottom line.

4. Everyone is not your customer

Likewise, although SMEs will have access to less data than before, the data they will have will be much richer and far more accurate. GDPR will ensure businesses fine-tune their databases and prioritise quality over quantity; the customers that remain within a database will be far more likely to interact with the brand and, more importantly, convert into sales. In the world of start-ups, where simplicity is the key to success, GDPR could provide just the right environment to achieve higher conversion rates in contrast to money being wasted through mistargeting.

Despite its clear challenges, GDPR presents an enormous opportunity for SMEs to revisit their customer data. By treating the new regulations as a brand communications exercise, and not simply an issue of compliance, businesses can find ways to enrich customer relationships and improve efficiency.


By Kate Jack, UK country lead at UK Innovation Hub by Innogy

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus