
What Will The GDPR Mean For SMEs In Ireland?


With the General Data Protection Regulation (GDPR) coming into effect from May 2018, it’s time to ask: is your company truly GDPR ready?

 

By simply looking at online job boards, we can clearly see a number of large multi-national organisations increasing their recruitment efforts within Data Protection, Data Management/Governance and Compliance as well as IT Security, Database Development, IT Risk and Audit. However, many SMEs are yet to take the plunge.

 

THE GDPR & SMEs 

Many companies across Ireland and the UK are yet to realize that the new data protection laws – specifically the General Data Protection Regulation (GDPR) – are applicable to all organisations regardless of their size.

As the GDPR is designed to increase and protect the rights of consumers, companies need to be asking themselves if they are compliant or risk facing penalties of up to €20,000,000 or 4% of the gross annual turnover.

Even though SMEs will be subject to the same main elements of the legislation as larger organizations, there are some exemptions as well as some benefits for smaller businesses.

 

Benefits for SMEs

It would be fair to say that some people see the GDPR as more “Red Tape” coming in from the EU. However, the new regulations will offer a significant boost to SME exporters within Ireland.

In short, the GDPR will mean that instead of having to ensure you are compliant with 28 different laws in relation to data protection, there will now be one universal rule that applies to all states within the EU. Some states may opt to have stricter restrictions, but in essence all legislation will be the same.

This therefore means that smaller companies who are planning on exporting to multiple states within the EU may see a reduction in their costs as well as less red tape as the process will now be standardised.

It also means that companies as well as consumers have the added reassurance that the data they have supplied to companies operating within the EU will be handled in the same manner as it would be if the company was operating solely within Ireland.

 

Exemptions for SMEs

As mentioned above, under the new GDPR outlined by the European Commission, there will also be a few exemptions given to SMEs.

  1. Unless the core activities of the company involve processing special categories of personal data (racial, ethnic, religious beliefs etc.) or they are processing large quantities of data, the company will not be required to appoint a full-time data protection officer.
  2. Unless the SME is processing data regularly or is at risk of breaching the rights and freedoms of the data subject, they will not be required to keep records of how they process data.
  3. If the data breach is considered “minor” and does not represent a high risk for the rights and freedoms of the data subject, SMEs will not be obligated to report the breach. If, however, the breach is considered to have a major impact on the data subject, they will be required to report the breach to all affected individuals.

 

To conclude, the GDPR brings some welcome changes in how private information is handled. However, to ensure that companies avoid what could potentially be costly mistakes, the European Commission is urging all businesses, regardless of size, to ensure that they are ready and fully compliant for the implementation of the regulation that will take place on May 25th 2018.

 

Claire Kelly is a Recruitment Consultant with the IT team in Dublin. Email: ckelly@sigmar.ie | Tel: +353 1 4744637