Is complying with local Data Protection Laws a “Mission impossible” for small and medium-sized businesses?
All indications show that, for the majority of small and medium-sized companies (SMEs), issues related to data protection, information leaks and compliance with data security laws are almost a “Mission impossible”.
According to a study by Gartner, in 2015, 35% of organizations will have a critical need to use a data protection solution, but only 1% will be able to implement it. In addition, companies are known to be suffering data breaches today, caused by their own employees, suppliers or customers. Up to 25% of companies have acknowledged having had an information leak in the last year.
All this shows the low level of compliance with Data Protection laws in small and medium-sized businesses. While in some cases this can be attributed to a lack of knowledge about the law, in many others it is simply a matter of priorities. Employers with fewer resources or smaller budgets choose to spend their time on day-to-day problems and ignore what they consider to be extras, and so expose themselves to possible significant penalties.
Imagine a small medical clinic. It is not unreasonable to think that medical records and other patient data are stored in Excel files on work computers that are used on a daily basis, are not under lock and key, and do not have appropriate security measures.
This is already a breach of data protection laws and, because these files require a high level of security, it entails very high penalties in the event of an audit by the Data Protection Agency. In addition, there is no control over whether those files are copied, printed, sent by email, etc. Regardless of the penalties for breaching the Data Protection Law, the company takes a significant risk given the damage an eventual information leak could cause to its image.
SMEs should know that there are technology solutions on the market today, available at affordable prices, that can help them comply with data security laws. One example for this case is Prot-On.
Returning to our example, the employer would only need to protect the Excel file with one of these solutions, giving permission to edit the file only to the healthcare workers, and read-only permission to the administrative staff. The files subject to the Data Protection Law would in this way be encrypted and protected as required.
In this simple way, without deploying expensive tools, altering employee work processes, or having to maintain a manual register of who has accessed personal data, SMEs would exceed the requirements for compliance with the Data Protection Law. Until now this has usually been too difficult for a small business, because it traditionally required dedicated infrastructure, tools and IT staff. The company's image is also protected, since possible information leaks are prevented.
There is a way for SMEs to protect their data and comply with data protection laws. Technology solutions available today allow it, and SMEs need to stay informed and keep up with these advances in order to ensure their own survival.