GDPR compliance: how SMEs can meet the costs (and avoid the fines)
It’s over a year now since GDPR came into force and compliance remains an issue for some SMEs. Cost is a barrier but failing to abide by the law comes with the risk of heavy fines. Alternative finance can help firms afford the GDPR-related investment they need.
While it may be tempting not to prioritise GDPR compliance, in particular given the pressure being applied by a weakened market and a raft of policy and non-policy costs, the reality is that SMEs are putting themselves at risk of incurring huge fines. The Information Commissioner’s Office has already dished out some eye-wateringly large financial punishments and although the focus has, to date, been predominantly on large corporations (e.g., the Marriot Group and British Airways), it is inevitable that the body will eventually turn its attention to smaller businesses.
The fines are significant. Businesses that infringe the GDPR code of practice, which includes failing to meet compliance requirements, face fines of as much as 2% of their annual turnover, rising to 4% for breaches of personal data. In the current climate, having to hand over such a sum could be fatal to small businesses.
Therefore, it is vital that SMEs take GDPR compliance seriously. While it is arguable that full compliance is impossible to achieve, being a long way down the road to hitting this target is not. There are some exemptions for businesses with fewer than 250 employees, but that does not change the fact that compliance is mandatory for all firms.
Notably, the requirement to comply with GDPR won’t change if the UK leaves the European Union at the end of January. The regulation has been applied to UK law in the 2018 Data Protection Act and this won’t change in the event of the country’s withdrawal. Indeed, should the UK leave without a deal, data protection is likely to become more complicated for SMEs, which is another reason to invest in compliance now.
Of course, this is easier said than done at a time when margins are being stretched to breaking point. So, how can SMEs afford to invest in GDPR compliance?
Alternative finance can help.
In the wake of extended caution from traditional lenders, the likes of invoice finance, asset finance, peer-to-peer lending and crowdfunding are redrawing the small business funding landscape. These facilities, which offer a more personalised approach to lending, are helping small businesses grow. They are providing them with access to capital, on an affordable and flexible basis, to help manage cash flow and for essential investment, such as in the resources needed to comply with GDPR and data protection legislation.
Given the state of the market and subdued spending levels, the fact that some SMEs are falling behind in terms of GDPR compliance comes as little surprise. However, the cost of failing to abide by the law could be crippling. SMEs have to invest. This is why business owners should be aware of all the funding options available to them, including alternative finance.
To find out more about A&T Business Associates services, contact Steve Bowles on 01903 602211 or steve.bowles@atbusinessassociates.co.uk