We’ve all heard by now that the GDPR will bring in a revised set of data protection legislation that aims to modernize the way organizations store and process the data of EU citizens. Countless articles will tell you that non-compliance with the GDPR will likely result in crippling fines. However, much of this is fear-mongering, as the vast majority of people (even experts) simply cannot predict what will happen. They do agree on one point, though: organizations in the mid-market are likely to be hit the hardest. Here’s why…
Budgets and Revenues Are Generally Tighter
Small businesses probably won’t even make it onto the ICO’s radar, and large enterprise organizations have budgets set aside for GDPR experts and worst-case scenarios. The mid-market generally works under stricter financial constraints, so it cannot afford to pay top-of-the-line consultancies to come in and do everything for it.
The maximum GDPR fines are also likely to cripple the majority of mid-market organizations, whereas an Enterprise wouldn’t particularly feel it.
Resources Are Generally More Limited
Large enterprises are often able to dedicate specific time and resources to the challenges GDPR brings, such as by employing large legal teams. If a mid-market organization is accused of a breach that results in non-compliance, it will often have to spend a substantial sum of money if it wants to formulate a counter defence.
Lack of GDPR Experts In-House
GDPR is not just an IT issue. It requires organization-wide education to fully adopt. Policies need to be formulated, new technology needs to be acquired and regular training needs to be initiated. For many mid-market organizations, the lack of in-house knowledge around GDPR can be a stumbling block in preparations. GDPR experts are few and far between, and the ones that really know what they’re talking about are expensive. Enterprises can afford them, but those with tighter budgets may have to rely on Google (not always a reliable source of information).
How Mid-Market Organizations Can Prepare for GDPR
I would never recommend reading through the entire GDPR, unless you really want to. It’s effectively a book and was not written to be entertaining. However, there are useful websites out there that summarize the chapters and articles into actionable points. The main thing is to ensure that, if you were questioned by the ICO regarding a data breach, you could prove that you were doing everything in your power to prevent it from happening. You also need to be able to spot a data breach and report it within 72 hours, which is not easy to do.
Most IT teams are aware that auditing and monitoring solutions enable you to track, monitor and alert on user interactions with unstructured data. However, the general view seems to be that these solutions are too expensive and are only suitable for enterprises. This simply isn’t true anymore. Organizations such as Lepide offer a way of changing how you protect your unstructured data at an affordable, realistic price point.
Solutions like LepideAuditor enable you to audit changes to files and folders in your File Server, to help prove that you are acting responsibly when it comes to storing and processing data. Get prepared for GDPR; time is running out!