Is GDPR Just Making A Profit Or Does It Actually Protect Consumers?

It’s fair to argue that small businesses have not benefited greatly from the EU’s General Data Protection Regulation (GDPR), which was implemented in March 2018. Additionally, it’s not exactly benefiting customers all that much either.

For small business owners, enforcing data privacy regulations resulted in considerable disruption and expenditure. In the future, business owners will have to worry about and spend money due to the growing threat of hackers. Under the aegis of GDPR, a data breach is sanctioned.

Small firms are required by data privacy rules to allocate a portion of their funds to constructing effective cybersecurity defences. Due to the change in funding allocation, firms cannot expand as quickly as they might under GDPR.

Furthermore, we should question the GDPR’s actual value. Is GDPR actually effective? The answer, according to Wired, is no. Consumer data is still compiled and profitably sold by data brokers. The daily barrage of unsolicited advertisements that arrive in your inbox will let you know this is accurate.

Moreover, the introduction of GDPR was prompted by the misuse of user privacy rights by Google, WhatsApp, Facebook, and Instagram. The tech behemoths were charged with coercing individuals into disclosing their data without getting their informed consent.

The only difference today is that we authorise the usage of tech businesses’ services. And we won’t be able to use their services if we don’t consent. However, they continue to send commercial messages to their clients using our data.

In essence, businesses that have acquired data from Google and Facebook are invading our privacy. And how do Google and Facebook generate revenue?

The Impact of GDPR on Your Business

Administrators of the GDPR have recovered fines totaling over 2 trillion dollars. It was reported that a total of €2,380,276,317 had been collected as of the writing in December 2023.

Companies that are found responsible for a data breach are fined about 2% of their global sales. Penalties, however, are calculated to account for mitigating factors such as whether the cybersecurity measures are sufficient in light of your budget.

However, the GDPR fines are not what render a corporation unprofitable. A data breach must be reported to the impacted parties.

According to reports, 60% of small businesses are compelled to shut down as a result of a data breach. A ruined reputation is the main cause of the forced closure.

More than 100,000 people participated in a Thales poll that indicated that 70% of consumers would no longer do business with a firm that has experienced a data breach.

Therefore, the GDPR fine is not the problem. The provisions of the data laws are what harm small enterprises the most.

Furthermore, the Information Commissioner’s Office (ICO), the authority in charge of looking into violations and imposing fines, recently declared that it will concentrate on going after bigger businesses that “cause serious and sustained harm to individuals.”

“We will have additional authority to halt firms from processing data, but we only act when there has been grave and ongoing harm to people…We now have the potential to pursue larger, international, and occasionally multi-national corporations where the previous fine of £500,000 would have been insignificant.”

This is just partially true. The Meta Platforms have received the largest fines. But has Facebook ever informed you that they are breaking the law on data privacy?

And do you still see tailored Facebook ads?

Additionally, there are 1,538 entries on the ICO’s Enforcement Tracker, the majority of which are small firms and individuals. Both “insufficient legal basis for data processing” and “non-compliance with general data processing principles” are used as justifications. The normal range of the fines is €1000 to €100,000.

According to the data, it doesn’t seem like the ICO is “going after large companies” with its financial authority. To the IT behemoth, a 2% fine for Meta is nothing.

However, if everyone realised that Facebook, Instagram, and WhatsApp are selling your data, they would quit using them. The same fate that small enterprises with bad reputations face may then befall Meta.

What Amounts To A Data Breach?

The Information Commissioner’s Office (ICO) concluded that the data “Non-compliance with general data processing principles.” An example of a data breach is:

“…a security lapse that results in the unintentional or intentional loss, alteration, disclosure, or access to personal data. This covers violations brought on by both unintentional and intentional factors. Additionally, it implies that a breach involves more than merely losing personal data.”

This means that small firms must set up sufficient cybersecurity defences to keep hackers out of their corporate network and, ultimately, out of their customer data.

As a result, it is crucial for small businesses to at the very least spend money on cybersecurity solutions like antivirus software, VPNs, data encryption software, and multi-factor authentication. Additional layers, such as virtual desktops and permission in cloud-based services, can be added to your network perimeters.

Additionally, you ought to train your team in cybersecurity. People have a 90% greater probability of effectively fighting against cyberattacks if they are aware of the tools and methods utilised by hackers.

Small enterprises that can show they have constructed effective cybersecurity defences with the funds at their disposal should avoid paying a large fine, provided they comply with Article 32:

  • Secure data
  • Maintain honesty and confidentiality.
  • Capacity to promptly restore personal data
  • Test and assess the efficiency of security measures on a regular basis.

For small business owners, there is some good news. Companies with fewer than 250 employees are not required by law to retain records of their data processing activities. You must still take care to safeguard the private information of your clients.

End of sentence

The GDPR is not providing consumers with the benefits that the data privacy regulations are supposed to, according to statistical data and actual proof. We were informed that the goal of GDPR was to stop companies from abusing customer data. That doesn’t seem to be taking place. Small firms are being penalised and forced out of business in the meanwhile.
