In May of 2018, the GDPR along side Ireland’s Data Protection Act 2018 (the “DPA”), became the biggest change in data protection rules to occur in Ireland. While much attention has been placed on this new batch of data privacy legislation, the truth is data protection and data privacy has for long been a critical part of virtually every area of running a business. Instead of seeking minimal compliance, Irish SMEs should use the new legislative environment as a push to make the protection of their data a priority.
The State of Data Protection Among SMEs in Ireland
According to the Central Statistics Office, SMEs generate almost half of all revenues in Ireland and make up over 99% of all enterprises locally.
That’s a whole lot of economic activity.
So, as eCommerce and mobile devices pull more transactions online, and content management becomes increasingly digital and increasingly analyzed, data privacy among SMEs in particular, is growing in importance. Responding to the new data privacy laws in Ireland and in the EU at large by developing more stringent data collection and storage processes is definitely a step on the right direction. But among many Irish SMEs, the response has largely been apathetic.
This is nothing new.
According to a recent survey by GFI, while SMEs are grappling with explosive data growth, the data protection policies and backup processes they have in place don’t go far enough to offer adequate protection. The survey found that 92 percent of companies have used some form of data backup technology, however, about 50 percent of them have still lost data. Of the companies that lost data, about 30 percent lost sales, 20 percent lost customers, and about 25 percent reported severe operative disruptions as a result of the loss.
In another survey by IT firm Micro-warehouse, 57 percent of Irish SMEs do not think the introduction of GDPR legislation has made any impact on their daily operations. Even more telling… only 13 percent of companies reported that cyber-security was one of their top priorities, and a third responded that the topic of data security is never discussed among senior management. This is in stark contrast to the amount of change to data protection policies happening at larger firms.
The Benefits of Data Protection Legislation for Irish SMEs
Many Irish SMEs view the new data protection requirements as a burden to their operations and on their financial budgets. But, one of biggest benefits of data protection policies, such as the GDPR, is that the regulatory environment has become more cohesive. This new batch of legislation alone replaces 28 data protection laws in the EU and combines them all into one standard set of regulations.
This new level of simplicity should actually help to reduce costs as well as red tape for Irish SME’s exporting products within the EU. It is also a good PR move because those living in the EU can trust that the data held by an Irish company is being treated in exactly the same manner as it is with a company in their own country.
Why Irish SMEs Need Proactive Data Protection Policies
But legal compliance is not the end of the data protection story. In an era of increasing cyber-crime and data breeches, ensuring the security of a business network is certainly in a company’s best interest and this is where being proactive is so important. Irish SMEs need to be pragmatic in their approach to their internal data protection policies and both become aware of and prioritise high risk processes.
Here are just two areas to consider:
1. Data backup.
Given that the rise in cyber-crime has been astronomical over the past few years, arguably there have never before been so many threats to a firm’s sensitive data. Plus, with sophisticated, enterprise-grade data analytics tools being marketed to SMEs, data has arguable also never been a more valuable asset.
For these reasons (and more), the issue of data backup needs to come off of the back burner. With so many robust, yet cost-effective cloud solutions available for data backup and security, there really is no excuse for SMEs to ignore it.
2. In the event of a lawsuit.
When a unsolvable dispute arises, a business may receive a notice of a claim or a lawsuit. Often, such notices come with a demand for the preservation of information. That means they need to be ready for an electronic discovery (
) process. This process includes the compiling, storing, and securing of various forms digital of data, such as documents, files, emails, and other types of content, including voice mails and text messages that can be used as evidence.
Bottom line: While the GDPR may have ushered in a change to the data protection legislation governing Irish SMEs, the biggest and most important change is the way in which these companies respond.