Blue chips, large corporations, and big companies definitely seem at last to be
engaged in GDPR. They have resources, expertise and probably just enough time
to sort out their systems and processes before the big day.
However, I fear that most SMEs and Micros are not as engaged as they should be.
We have around 1000 active accounts and I am afraid most of those are either
ignoring GDPR; assuming it won’t affect them; or just hoping they won't get
caught. Given recent enforcement action from the ICO it is clear that a
fingers-crossed strategy is just asking for trouble.
In the recent amendments to the Data Protection Bill it is clear that the ICO has a
responsibility to support small businesses but there is little evidence of that. The
SME pages on the ICO website just point to the same content as for the rest of the
business world.
SMEs and Micros are different: they don’t have the time, money or resources to
cope with GDPR. Most non-IT companies will not be able to complete the current
PIA template never mind a full GDPR implementation.
So, to all the new GDPR Consultants, Certified DPOs, and Data Protection
experts out there – if you want to make a lot of money maybe you should look to
SMEs and Micros – after all there are more than 5M SMEs and Micros in the UK alone!
Good luck all.