Europe's new data protection laws pose problems for small businesses

Europe's new data protection laws pose problems for small businesses
By Robert Hackwill
Share this articleComments
Share this articleClose Button
Copy/paste the article video embed link below:Copy to clipboardCopied

SME's face dilemma over stored data and raised costs to adminster personal databases to compy with GDPR legislation, but the EU is attempting to reassure them that they won't be hard-hit...and is facing some scepticism.


European citizens can feel more protected thanks to the new GDPR which comes into force today. They can have more control over their online personal data. At least this is the feeling from all the emails we are receiving these days.

But for small entrepreneurs, adapting to the GDPR is hard.

Kelly Claessens runs "Fabrika", a family-run furniture shop in the center of Brussels that also delivers online items. She needs to collect personal data such as email and postal addresses, but also VAT and telephone numbers. Now she has to ask her subscribers consent to keep using stored data.

"A really small percenbtage of people actually confirm their subscriptions, so if we have to do this pretty much all our subscribers will be lost," says Kelly.

The main chore is keeping a record of data processing activities such as maintaining documentation, and conducting a data protection impact assessment of the risk.

"It is really hard because we don't have the budget to hire somebody to be responsible for this so we have to do it by ourselves," continues Kelly.

Not complying with rules could mean penalties up to 4% of turnover or 20 million EUR, whatever is highest. However this legal expert tells us small and medium-sized companies have some leeway.

"A normal SME will be less targeted, hopefully. In any case if there were any complaint or if the national authority started an investigation, it would be crucial as an SME, that you can at least show that you try to comply," says legal advisor at UNIZO, Frank Socquet.

Most SMEs want to comply but it remains very technical legislation. It seems that hiring a GDPR expert is crucial

"Currently on the market there are both real experts on GDPR, but a lot also of self-declared experts who actually benefit from the fear that exists now among SMEs but in many cases is not necessary," concludes Socquet.

Share this articleComments

You might also like

The Panama Papers proved encryption is a massive asset for democracy

Are we about to lose the last pillar of our digital security?

Commissioner Johannson's response to scientists' online privacy concerns goes after straw men