Europe's data protection rules pose challenges for SMEs

LESS than a month into the full effect of the General Data Protection Regulation (GDPR), Premier League football club Arsenal FC have already been accused of being in breach of new legislation, putting both fans' data and their bottom-line at risk. Meanwhile, UK-based electrical and telecommunications retailer Dixons Carphone became the first organisation to report a major data breach which, under GDPR rules, could cost the company as much as £400 million (S$716.7 million).

The GDPR, replacing the Data Protection Directive, grants the European Commission a powerful enforcement tool in the shape of potentially hefty fines for non-compliance. For small medium-sized enterprises (SMEs) in particular, this means even the smallest error could spell ruin for the business.

However, prior to the advent of the GDPR, data from the UK's Federation of Small Businesses suggested that fewer than one in 10 SMEs were ready for the changes. Meanwhile, closer to home, a poll by EY revealed that, as at February 2018, only 10 per cent of companies in Singapore had made plans to comply compared to an average third of businesses globally.