I like to check with my clients that they have covered, as far as possible, the threats which could blow their business off course. The introduction of the General Data Protection Regulation (GDPR) brings another area to be looked at.
I have been with a lot of my clients since they started up, trying to help their progress in my small way.
For most businesses, the first year of their life is the most dangerous (although someone once observed that the last year is not without its risks either). The initial business objective is survival: simply still being there. From there, the business starts to grow and provide a good living. Beyond that, there is the hope that the business is developing value for a possible eventual sale.
Having worked hard to navigate their business into clear waters, and with the prospect of broad sunlit uplands on retirement (if I may mix my metaphors), the prudent business owner would want to make sure that they have all potential risks covered.
In a meeting, we might cover the usual suspects:
- Destruction of the premises by a fire or act of God
- The death or incapacity of a key player
- Loss of a major customer (or supplier)
In my view, we can now add GDPR to this list.
Many businesses have spent time and money responding to the requirements posed by this legislation.
The recent hefty fines levied by the ICO (and well publicised) on BA and Marriott should have been a wake-up call. I suspect that there is an element of the ICO flexing its muscles to show that it is not a toothless tiger with the scale of its penalties – perhaps to encourage other businesses to take note.
Yet we are seeing that GDPR still seems to be more honoured in the breach than the observance. Businesses still seem to be providing personal information by insecure email rather than through a secure portal or other secure methods.
In some cases, it is professional organisations whom one might have expected to be well aware of the regulatory requirements. I did read that there was an immediate breach, once this legislation had come into play, by an EU body. I have to ask, who will guard the guards themselves?
This indifferent, unconcerned approach may be born of ignorance or of a belief that GDPR only applies to large businesses such as state institutions or multinational conglomerates.
If only that were true – it really does affect us all.
I fear that the ICO could target a smaller business and deal it a mortal blow to strike home the message. British Airways can shrug off the fine, albeit not easily, but perhaps not so the typical client for whom we act.
The message is that all businesses need to make sure they are GDPR compliant.
We are not able to offer specific advice on GDPR; however, the Information Commissioner's Office (ICO) website is recommended as a useful resource for businesses: https://ico.org.uk/
Posted by Paul Short
The views expressed in this article are the personal views of the Author and other professionals may express different views. They may not be the views of Lambert Chapman LLP. The material in the article cannot and should not be considered as exhaustive. Professional advice should be sought in connection with any of the issues contained in the article and the implementation of any actions.