Skip to main content

Local data protection compliance: Mission impossible for SMEs?

All indications show that for the majority of small and medium sized companies (SMEs), issues that have to do with data protection, information leaks, and compliance of data security laws, are almost a 'mission impossible'.

Data protection: Your mission if you choose to accept it

According to a study by Gartner, in 2015, 35 per cent of organisations will have a critical need to use a data protection solution, but only 1 per cent will be able to implement it. In addition, it is known that companies are currently suffering data breaches, either by their own employees, suppliers or customers. Up to 25 per cent of companies have recognised they have had an information leak in the last year.

All this shows the low level of compliance with data protection laws in small and medium sized businesses. While in some cases this can be attributed to a lack of knowledge about the law, in many others it is simply a matter of priorities. Employers with fewer resources or with smaller budgets chose to spend their time on day to day problems and ignore what they consider to be 'extras', thus facing possible significant penalties.

Imagine a small medical clinic. It is not unreasonable to think that medical records and other patient data are stored in Excel files on work computers that are used on a daily basis and are not under lock and key, nor do they have appropriate security measures.

This is already a breach of the data protection laws that, because we are dealing with files which require a high level of security, entail very high penalties in case of an audit by the Data Protection Agency. In addition, there is no control over whether those files are copied, printed, sent by email, etc… and, regardless of the penalties for breaches of the data protection law, a significant risk is taken by the company considering the damage that can be caused to their image should there be an eventual information leak.

There are solutions out there

SMEs should know that there are technology solutions in the market today available at affordable prices that can help them comply with data security laws.

Returning to our example, the employer would only need to protect the Excel file with one of these solutions, giving permissions to edit the file only to the healthcare workers, and permissions to only read the file to the administrative staff. The files subject to the data protection law would in this way be encrypted and protected as required.

In this simple way, without deploying expensive tools, altering employee work processes, or having to maintain a manual register of who has accessed personal data, the SMEs would exceed the requirements for compliance with the data protection law which, up to now, has usually been too difficult for a small business to do because it traditionally required infrastructure, tools and IT staff dedicated to it. All of this without forgetting the protection of the image of the company by the prevention of possible information leak.

Laura Núñez at Prot-On

Image Credit: Shutterstock/Artem Samokhvalov