GDPR is Just Another Compliance Burden For Small Businesses. Or Is It?
Now that doing GDPR right is so easy and affordable, is it still worth taking the risk of winging it?
We weigh up the risks.
When it comes to GDPR, we’ve all had enough.
It’s difficult, painful and unproductive.
We know that because so many people have told us it is.
But not doing it is a risk to the reputation and wellbeing of your business.
So why take the risk of non-compliance now that it’s so simple and affordable to do what you need to do to stay safe?
What’s So Tricky About GDPR?
The trouble is that GDPR is fraught with questions.
Does it affect our business?
Should we register with the ICO?
If we do register, does that mean we now have to do something?
If we don’t do anything, how is anyone ever going to know?
If we don’t register, how will they ever find us?
And all that before you even get stuck into the real problems.
The detail of what you have to do and how you have to do it.
Well, the good news is that GDPR is now so much simpler than you ever thought possible.
GDPR is Now Much Easier Than You Might Think.
Smart software has made the whole process simple, easy, and fast.
There’s expert guidance available on chat and if you want to be extra sure you’re safe you can also take out data protection insurance.
You’ve probably heard terms like data mapping, data privacy impact assessments, subject access requests and legitimate interest assessments.
It sounds like a headache just to get to grips with it all.
The reality is that it’s just jargon – the professional’s way to describe processes and actions.
It makes doing GDPR sound complicated, challenging, and something to be left to the experts.
Make no mistake.
The compliance people want you to believe it’s too much for you to do in-house or they’re out of a job.
It’s a bit like accounting used to be. Bare with me on this one.
What’s Xero Got To Do With It?
I’m going to take you back in time.
Can you imagine a world where each company wrote its financial accounts into physical ledgers?
Every organisation had its own way of doing things, and you had to become an expert to manage ‘the books’.
I know. It’s hard to believe, but it’s true.
It seems crazy now that we have Xero and Sage, and other standardised SaaS products for managing our accounts.
We wouldn’t dream of creating our own accounting system in spreadsheets.
But that’s exactly what most businesses are doing with GDPR compliance.
The way that most businesses are managing GDPR now is just the same as the olden days of accounting.
Organisations are employing privacy specialists.
Each company is interpreting the GDPR and creating their own systems.
These cobbled-together solutions mainly consist of a mish-mash of awkward spreadsheets and random forms.
Every business is doing it differently, and each is hoping, fingers crossed, that they are doing it right and doing enough to satisfy the regulator if they come knocking.
The crazy thing is that creating in-house systems is an expensive, complicated and time-consuming way to achieve something as simple as GDPR.
But until now there hasn’t been a Xero equivalent for GDPR compliance.
PORT.im is Xero For GDPR
The challenge we set ourselves was to make GDPR compliance as simple as Xero make accounts.
It’s been a massive challenge, but we think we’ve done it.
We’ve now made it so easy that just about any business can drag and drop their way to GDPR compliance.
No expertise needed.
No wasted time trying to understand what you need to do.
And no re-creation of other peoples hotch-potch of spreadsheets and privacy policies.
Why Risk GDPR When it’s Now so Simple and Affordable to do it Right?
The risks of GDPR are obvious and are usually massively exaggerated by people trying to sell their solutions.
Yes, you might get investigated by the ICO.
It would be a painful experience and possibly incur a considerable expense, but your business would probably survive.
If you have committed a serious violation and or repeatedly transgressed the regulations, you may even be fined.
This is exceptionally unusual and is an action of last resort by the ICO.
More likely, you’ll experience some kind of complaint from your customers or staff.
They will make a subject access request, and you’ll have to defend your actions in fulfilling it.
This is not good news.
Lawyers may be involved and the reputation of your company and it’s directors could become tarnished, leading to lost contracts and relationships.
The positive reasons your business should be GDPR compliant are much more likely than the negative ones.
You may be operating a business that is regulated.
It could be that you have to demonstrate your GDPR compliance to be approved by a professional body or local authority.
This is certainly the case with health, finance and education sectors.
Other positive reasons to manage your GDPR with sincerity and integrity are that you may be going for that big contract.
Many large companies will require your business to self certify that you are compliant with the regulations.
If your business is looking to sell or merge with another company, then they will want to be sure that your business doesn’t pose a risk to the future viability of the venture.
All these are good reasons to get your house in order and to get GDPR managed and under control before it gets out of hand.
A Good Tip if You’re Not Sure You Should Register With The ICO.
If your business handles personal information and you’re not sure whether you should register with the Information Commissioners Office, it’s easy to find out.
Just go to the ICO self-assessment, and in two minutes you’ll know.
And don’t worry.
You don’t need to put in any identifying information so you can relax about the ICO knowing who you are!
If You Should be GDPR Compliant, Then Don’t Put it Off Until It’s Too Late.
Don’t put it off any longer.
Getting GDPR done is now so simple there is there’s no excuse not to demonstrate your integrity and commitment to the future of your business.
PORT.im makes GDPR as simple as it can be.
Find out how you can become GDPR safe, quickly and easily.