€20 million is a lot of money – SMEs and the GDPR.

To learn more about individual’s rights and the GDPR click here.

Since starting my summer internship two weeks ago, I’ve Googled more acronyms than I ever thought possible. One, in particular, the GDPR, appears time and time again. I’ve found the way in which GDPR effects, specifically smaller, enterprises, particularly engaging. GDPR compliance then, although seemingly mundane, presents an interesting study relevant not only to my internship, but also my degree, particularly in regards to my study of economic geographies.

By and large, those writing about the new General Data Protection Regulation (GDPR) start with the rather alarming call to arms “Are you ready for the GDPR?”.

Above all else, this resounding sentiment suggests, especially to SMEs, that they have something to fear. With fines of up to €20 million (or 4% of annual turnover), it’s possible they do.

The recent 2017 Veritas report indicated that 86% of surveyed decision-makers fear failure to satisfy the GDPR could have a negative impact on their business. A surprising 18% of these respondents also believe that their company could go out of business as a result of non-compliance.

Almost one in three Veritas respondents worry that their company lacks the necessary technology to search, discover and review data. This is where the real problem lies, especially for SMEs. Although undoubtedly SMEs lack the funding to invest in complex data management programmes, they also lack the immense volume of data larger corporations have to contend with.

Seemingly, the majority of data collected by smaller enterprises still arrives through traditional channels; email, telephone and scanned documents, this doesn’t seem likely to change. The challenge therefore is, how can small enterprises keep tabs on how and why personal data is being processed, in accordance with the GDPR?

The GDPR gives more power to data subjects. In addition to the right to access, individuals now have the right to rectify, transport and erase any personal information held about them. So how do small companies satisfy this right when correspondence containing said data arrived in an email, now locked away in a private inbox, or a telephone call now long forgotten? This problem creates a compelling case for increased sharing of digital messaging within companies.

As well as fostering traditions of best practice, access to a shared database limits the negative effects of employees no longer working side by side. In the period 2005 – 2012 the number of employees telecommuting in the US increased by 80%. With office space at a premium and telecommunications more effective than ever, it makes sense for colleagues to work alone. For all its benefits, employees no longer working in close spatial proximity increases the risk of important leads being missed, sealed the personal account of the wrong employee. Once again, a shared hub represents a simple solution.

The digital paper trail that a shared database creates is omnipresent. This means that when, in accordance with new regulation, a subject requests access for any of the 8 reasons outlined in the GDPR, from erasure to the challenging of automated decisions, any related data can be pulled up instantly, with minimal effort. Previous costly methods of e-discovery are made redundant.

Say, for example, a longstanding contact is retiring and requests erasure (in accordance with article 17) of all their personal data from my company’s records. Typically, a contact who has been working with the company for a number of years would have corresponded with multiple employees in that time, including some no longer at my company. With the use of a shared message hub, all related data can be located and erased within a matter of seconds, satisfying the both data subject and the GDPR.

In this way, increased sharing can help to protect SMEs from data protection penalties.

As an intern with JPY, I had been tasked with investigating possible applications for cloud based hub Threads. But stay with me. Threads performs every function I’ve argued the need for and more. It brings together all of a company’s emails, automatically transcribed phone calls, scanned documents and social media messages. It also organises correspondence according to “contacts I know”, “contacts I might know” and “contacts I don’t know” preventing the unnecessary risk of data breaches by human error. If ever a problem was awaiting a Threads solution, it is GDPR.

Whether you choose Threads or not, the need for SMEs to share customer data is now paramount. For many, increased protection means more passwords and greater separation. However, where data is found mostly in emails, phone calls and scanned documents, more accounts means less accountability. A shared message hub of any kind now represents an exceptional and essential tool for both business growth and GDPR compliance.