Football is full of funny anecdotes – only last week a player surnamed Watt was sent off because the referee thought he was being sarcastic saying ‘what’ each time the official asked for his surname. But recently, the incident that I’ve kept coming back to was former Leicester manager Nigel Pearson’s infamous ‘ostrich outburst’. Asked to specify the criticism his players had endured during a terrible season in 2015, Pearson accused a journalist of being an ostrich, burying his head in the sand in order to ask such an uninformed question.

I’ve felt at times like taking a similar line of feedback as Pearson when working with companies on their compliance. A perfect example of this took place last week; the Federation of Small Businesses released research on the topic of the upcoming General Data Protection Regulation.

With the regulation coming into effect in under three months’ time (May 25th to be precise), the state of preparedness of the small business community was a crucial barometer of where the economy in general is.

Sadly, the answer was: not great. Overall, it was found that only 8 per cent of SMEs felt fully prepared for the new rules coming in, that 18 per cent of smaller businesses were unaware of GDPR and that more than a third of businesses up to ten employees hadn’t even started GDPR compliance.

Face your fears

This struck me a little as the fear that can often grip people in everyday life and work; that a job is so daunting, they simply can’t bring themselves to start it until the last minute. Judging by these results, we’re seeing a similar fear factor within the SME community as they struggle to get to grips with the ins and outs of GDPR.

This research isn’t the first to uncover these results when it comes to GDPR, and this certainly won’t be the only article looking at what needs to be done in the run-up to May 25th. What businesses need to think about and engage with is the bigger picture of the regulations; this is what will allow them to stop hiding away and face the challenges with renewed focus. There are three key components to this that must be considered:

The aim of GDPR

One of the most important facts often forgotten about GDPR is that it is not here to punish businesses, it’s a force for good for the individual, better protecting their data and online identities.

Therefore – and it’s been said by the Information Commissioner’s Office (ICO) itself – the organisations tasked with upholding GDPR compliance do not want to roll out the often-discussed major fines, which could prove terminal for a business. That’s a serious decision and not one that they will be looking to take out of choice.

If your organisation can demonstrate it is working towards compliance and has the baseline of technology in place to protect people’s data, then the ICO will work through several stages, from warnings and reprimands, through to specific data subject orders that must be followed. In Information Commissioner Elizabeth Denham’s own words, ‘we’ve always preferred the carrot to the stick’.

Pride comes before the fall

A major sticking point, especially at SMB level, is often not having the necessary technical expertise needed when it comes to cybersecurity and data compliance. For many small business owners who have struck out on their own, it can be hard to admit that they don’t have the capabilities themselves and to ask for help.

The FSB research, however, also shows positive signs that this mindset is beginning to change, with 52 per cent of SMBs saying that they will reach out to the ICO for advice and help.

The FSB have gone further within their research report and have backed the setting up of a GDPR ‘Safe Harbour’, where non-compliant companies can put their hands up and be given intensive support as opposed to facing sanctions.

It’s important that when these resources become available, SMBs use them. There isn’t time for pride and stubbornness when it comes to data compliance; those in charge should use any helping hand they are offered, from internal resources through to external private and public-sector experts.

Technology is the leveller

Cashflow is the lifeblood of the smaller company; so much so that upcoming major costs (such as complying with a new set of wide-ranging data regulations) can often be put off by those fearful of their monetary impact.

Previously, they may have had a case for this, but the delivery of technology today has levelled the playing field. Hosted technology has meant that technology previously only accessible to enterprise-level companies can now be installed on a seat-by-seat basis within an SMB.

This means both that it can be scaled efficiently and that the computational power (and corresponding expense) is not the responsibility of the end user.

The technology angle is essential too – you fundamentally can’t work towards the safety and security of publicly identifiable information if you don’t have visibility into how this data is being stored or used. To this end, a solution that can track users and devices – referred to as user and entity behaviour analytics (UEBA) for short – can form a compliance cornerstone for the average SME.

Time to move

If you are one of the companies that has so far felt paralysed by GDPR, remember these three key components: the ICO doesn’t want to shut you down, help is available, and sophisticated technology will give you a huge push towards full compliance for sums of money that won’t affect the business. The only people that need to worry come May 25th are those with their heads still stuck in the sand.

Dr. Jamie Graves is CEO and founder at ZoneFox
