GDPR Compliance in SMEs: There is much to be done

摘要

The obligatory adaptation of Organizations to the General Data Protection Regulation (EU) 2016/679 (GDPR), will imply a set of legal, technological and functional changes, with a direct impact on the daily life of Organizations as a result of their increased responsibility with data protection subjects that has been reinforced by the new legislation. On the other hand, the transfer of responsibilities from the national authorities to the Organizations obliges them to prove, at all times, full compliance with the legislation. Organizations are subject to heavy fines when a non-compliance is detected. This new reality is a challenge for any Organization, and in particular for small and medium-sized enterprises (SMEs), which have fewer human and financial resources to carry out the necessary measures to comply with legislation. In order to know how SMEs are preparing themselves, we have conducted face-to-face interviews with ten industrial SMEs. The main conclusion is that, given these companies' lack of awareness of their obligations and duties in relation to Personal Data Protection, it is urgent to define a methodology to be able to comply with GDPR.