Research into GDPR and the state of the UK's readiness for it isn't new; recently, countless pieces have been written about where businesses are in their preparations. What struck me about the Federation of Small Business research seen earlier this month was threefold: it didn't come from a vendor, it focused on the important SMB sector, and we have less than two months to go.
The results highlighted where I feel a general misconception around GDPR is getting in the way of businesses preparing for it. Only eight percent of SMBs felt fully prepared for the new rules. 18 percent of smaller businesses are still unaware of GDPR. Over a third of microbusinesses (up to ten employees) hadn't even begun preparing for May 25th. Those are alarming statistics.
This lack of reaction to GDPR strikes me as the kind of fear that can hit people in the run-up to a deadline, making them freeze like a rabbit in the headlights. But for the ICO, that excuse is not going to fly. So, what do smaller businesses need to do to get moving?
Reframing the debate
The first and most vital step is reframing the way in which they view GDPR.
Much of the discussion surrounding GDPR has framed the ICO as some sort of all-encompassing judge – think Anubis, the Egyptian God of death. He would weigh a person's heart against a feather – if it was heavy with sin and the scales tipped, then they wouldn't reach the afterlife. SMBs have built up the ICO in the same way; ready to devour their business if it isn't deemed worthy.
However, GDPR has been brought to the table as a force for good; protecting the individual and their data, ensuring that companies act responsibly with the information in their care. In many ways, the regulations will help companies better their structure, security and awareness of data, which can only be a good thing.
For those worried about the ICO's rulings, in the initial stages, all that is asked is that they are actively working towards compliance and have the basics in place. For those struggling, the ICO will issue warnings, reprimands, specific data subject orders and only then will the sizeable fines come into play. Small businesses need to approach GDPR in a positive light as something that will, on the whole, benefit them.
A little help from my friends
Of course, with smaller businesses, even if they take this outlook to GDPR they can find themselves stalled through a lack of technical expertise. For the proud entrepreneur that has grown their own business, admitting this can sometimes be a bitter pill to swallow.
Again, the ICO is aiding this by offering help and support to businesses – pleasingly, the FSB research shows that over 50 percent of SMBs will be using this as a resource. The FSB's own suggestion of a 'safe harbour', for non-compliant companies to admit they need help and be given more particular guidance, would also be a welcome notion.
There are plenty of companies that specialise in compliance and data security too, which businesses need to engage with – the cost of engaging an expert for their help will pay for itself through ongoing compliance.
Technology for all
The modern technology landscape has also become a lot more democratised due to cloud technology and SaaS. Through this model, expensive and sophisticated technology that would have previously only been available to huge companies can now be accessed by all.
This isn't a luxury though – sophisticated technology is a must-have for compliance. You need data visibility, so a solution that can track users and devices on the network (user and entity behaviour analytics or UEBA for short) will be fundamental for building towards compliance.
Contributed by Dr. Jamie Graves, CEO & Founder, ZoneFox.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.