The process of adapting SMEs to the General Data Protection Regulations will be long and costly
published on 07.05.18
Large companies have already begun to work on the new regulations governing data processing
The imminent entry into force of the new General Data Protection Regulations (GDPR) on 25th May, 2018, is going to represent a big challenge for many SMEs operating in the European Union. Greater protection for the user in the processing of data, new requirements for consent, notifications of breaches of security and the position of Data Protection Officer (DPO) are all on the agenda of every company so that they all comply with the new regulations.
The main purpose of these new regulations is to protect European citizens against fraudulent use or processing of information of a personal nature. Gregory Voss, a Juris Doctor and teacher of Law at TBS, and Stanley Claisse, a lawyer specialising in the law of intellectual property, in computing and in telecommunications, discussed the importance of these new regulations at the Research Mornings that were recently organised by Toulouse Business School.
According to Gregory Voss, ‟the purpose of these new regulations is to deal with the numerous technological developments such as ‘Big Data’, biometric storage and other technologies not provided for by the old directive of 1995‟
The latter was not adapted to the new technologies, and moreover, according to Voss, ‟it featured disparities between the Member States, which transposed the Directive with many differences; one aim of the reform is therefore to align the regulations‟
Regulations which seek to make companies responsible
The approach of the new regulations governing the protection of data of a personal nature is firmly based on the responsibility of companies. This will give rise, on the one hand, to the obligation of companies to demonstrate, at any moment, that they are complying with the law. This obligation will result in a change in the governance of companies, compelling them to employ people with the right profiles. These ‘personal data-protection representatives’ will have the task of analysing the company’s processing of personal data and ensuring that the regulations are observed. It is estimated that 75,000 jobs will be created in this area.
Stalney Claisse explained that ‟for SMEs, these new regulations represent a big challenge to adapt, whereas the large companies have already taken the necessary steps, and many of them already have a Data Protection Officer (DPO)”
He added that ‟whereas the big companies have already prepared themselves for these changes in the regulations, the SMEs will take longer to adapt to them. To expect them to comply with these new regulations within the first six months would be unrealistic. It will be a long job, and one that will require consistency in ensuring that the data are in conformity‟
On the other hand, the purpose of making companies responsible is to oblige all companies, and not only those that provide access to the Internet, to inform their customers of any cases of piracy affecting their databases. Companies which do not fulfil these obligations could incur severe financial penalties – of as much as 4% of their annual turnover – for any infringement.
Although the main purpose of these new regulations is to minimise the risk of breaches of the security of personal data – and the ensuing damage – they will also have a beneficial effect on corporate security generally. In order to safeguard information of a personal nature, companies will deploy tools for computer security, encryption and access control.
These additional obligations should contribute to a general improvement in the security of information systems and to the prevention of ‘cybercrime’.
There is more information in this video:
About TBS Barcelona
TBS Barcelona is the Toulouse Business School group’s campus in Barcelona, with 4,500 students and a network of more than 35,000 alumni worldwide. The campus is situated in the heart of Barcelona where the Bachelor in Management programme of university studies is delivered, which leads to an official French degree issued by the Ministère de l’Enseignement Supérieur et de la Recherche. The school also offers Master of Science programmes, in finance, marketing and fashion and luxury management, which are double degrees issued by TBS in partnership with Universitat Politècnica de Catalunya.
The TBS training programmes primarily focus on human resources, management, marketing, finance, accountability, consulting and auditing, without losing sight of cultural, humanitarian and business considerations. TBS stands alongside the very best French business schools and has been awarded the sector’s three international accreditations —AACSB, EQUIS and AMBA—, a triple crown that only 1% of all business schools worldwide have attained.
TBS has agreements with over 160 international institutions, a faculty made up of PhD holders and business professionals, along with five research centres and five campuses: Toulouse, Barcelona, Casablanca, Paris and London. More than 80 nationalities are represented across the different campuses.
Tags: Data protection|Europe|Grégory Voss|Legislation|Reglamento General de Protección de Datos|Research mornings|RGPD|Stanley Claisse|toulouse business school