I wasn't expecting that! Some indirect consequences of the GDPR
In a previous blog we looked at the direct hazards associated with the new General Data Protection Regulation (GDPR). These are just the tip of the iceberg in terms of the ways that GDPR could trip your organisation up.
There are a number of indirect implications for your organisation that you may not even have considered, let alone prepared for:
Working with larger businesses or the public sector
As a small business, you may think that you can fly under the GDPR radar, but for many larger businesses, and particularly for the public sector, being GDPR compliant is business critical. If you work with larger businesses or public sector organisations, their compliance relies on your compliance, so be prepared to be asked some challenging questions about your GDPR compliance and your ability to evidence it.
Tenders, PPQs and framework agreements
In the last few weeks, we have reviewed a number of PPQs, tenders and framework agreements that ask for details of the technical and operational measures that organisations have taken to become GDPR compliant and the training that staff have completed. Again, the challenge is in being able not only to say you comply but to demonstrate how you are complying. How would your response score?
Accreditation schemes
We believe that many of the wider consequences of GDPR compliance are yet to be felt. It must only be a matter of time before certification and accreditation schemes adopt a stance on GDPR compliance. This could have implications for marks and standards ranging from quality, health & safety and risk management to customer service, social responsibility and training.
Insurance premiums
Without casting aspersions on the insurance industry, we have probably all experienced increased premiums as a result of what we consider minor indiscretions or incidents. It doesn’t take much to imagine an increase in professional liability insurance for those with inadequate technical and operational measures in place to be GDPR compliant.
So whilst, as a small business ourselves, we understand the challenges small and medium enterprises (SMEs) face, we don’t believe it’s worth the risk to be non-compliant with GDPR.
We understand you have conflicting demands on your time and resources, which is why we have made GDPR compliance as easy as possible for you. Subscribe today and complete our simple five-stage process. Receive all the tools and guidance an SME needs to become, and remain, GDPR compliant. This includes a secure portal in which to hold your data protection evidence and a training module enabling you to train staff and evidence that training. We will award you a certificate on completion.
Protect your business - become and remain GDPR compliant with Astrid