A recent study shows that many small and medium-sized enterprises/businesses (SMEs, SMBs) are unprepared for the General Data Protection Regulation (GDPR) that took effect on May 25, 2018. The financial consequences may be costly, as the GDPR replaces the entire body of existing data protection laws throughout Europe and significantly affects how companies handle, protect and profit from data.
This new evidence shows that the GDPR is likely to impact smaller companies: according to the study, 82% of SMEs are unaware of the law and therefore potentially face substantial fines when the enforcement of the GDPR begins next year in 2019. Other findings of the survey show:
- More than 75 percent of the survey’s respondents outside Europe say they are not or don’t know if they are prepared for GDPR;
- More than 80 percent of the survey’s respondents either know nothing about the GDPR or know only a few details about it;
- Fewer than one in three companies believe they are prepared for the GDPR;
- 97 percent of companies don’t have a plan for compliance with the GDPR;
- Only nine percent of IT and business professionals are confident that they will be fully ready for the GDPR.
Any business or not-for-profit organization that processes personal data related to employees, customers or prospective employees or customers who are in the European Union (EU) and/or are EU citizens falls within the scope of the GDPR, regardless of the location of the company or the location of the actual data processing itself. Thus, the law basically applies on a worldwide scale, and all affected business enterprises had until May 25, 2018, to sufficiently prepare.
By attaching rights to an individual’s data separately from the right attached to an individual, the EU can impose its data protection standards on businesses in locations outside of Europe. In determining whether a business enterprise is within the scope of the GDPR, three questions should be considered. If a business can affirmatively answer any of the following three questions, it is most likely within the scope of the GDPR:
- Is the business organization based in the EU?
- Does the organization handle data concerning EU-based individuals?
- Does the organization do any kind of business with organizations to which either of the first two questions applies?
The attorneys at Glass & Goldberg in California provide high-quality, cost-effective legal services and advice for clients in all aspects of commercial compliance, business litigation, and transactional law. Call us at (818) 888-2220, send an email inquiry to email@example.com or visit us online at glassgoldberg.com to learn more about the firm and to sign up for future newsletters.