Businesses are trying to comply with the General Data Protection Regulation (GDPR) before the May 2018 deadline. Many even believe that the GDPR won’t apply to them because they have fewer than 250 employees. It does.

Any organisation, regardless of size, that regularly processes EU residents’ personal data must comply with the Regulation. However, SMEs may be exempt from the more rigorous steps.

Article 30, for example, states that the Article (which relates to the documentation controllers and processors must keep regarding data processing) “will not apply to small businesses except if the processing results in a risk to the rights and freedoms or data subjects, processing is not occasional, or the processing includes special categories of data as referred to in article 9, or personal data relating to criminal convictions and offences.”

You might not need the extensive documentation that larger organisations are required to keep. Howevere you may find that your suppliers or customers will require you to have documentation within their new GDPR-compliant contracts. Having this may provide a competitive advantage.

For more information see https://www.itgovernance.co.uk/blog/the-gdpr-a-guide-for-small-businesse... where Beth Greenall talks more about this challenge.

I will add data protection officer to my many roles and lift more weight!.