GDPR: SMEs should seize the opportunities, but authorities must prevent market distortions

  • GDPR becomes mandatory on 25 May 2018 across Europe 
  • In the long term, according to DIGITAL SME, the advantages will outweigh the hindrances
  • Compliance costs are disproportionate for small businesses compared to larger companies 
  • Negative news campaigns about fines are disproportionate

Tomorrow, 25 May 2018, the transition period for the implementation of the EU General Data Protection Regulation (GDPR) will end. All companies are bound to comply with the requirements of the regulation. Despite the high cost of compliance for SMEs, the European DIGITAL SME Alliance highlights the long-term benefits of the Regulation: achieving enhanced privacy, creating a clear legal framework for data driven economy and, above all, setting EU harmonised standards of privacy that will become the worldwide reference.

In the long run, the advantages for European companies will outweigh the hindrances. Uniform regulations are replacing a patchwork of data protection laws throughout the EU. It is important to avoid unilateral interpretations that can seriously impair the competitiveness of European digital companies and, ultimately, Europe’s prosperity in the global economy. We have to stress that the GDPR allows companies to pursue data driven business models exploiting innovative technologies, such as BigData and AI, using anonymized data“, says Dr. Oliver Grün, President of BITMi and of the European DIGITAL SME Alliance.

However, the European DIGITAL SME Alliance is concerned about the considerable one-off expenses for the implementation of the GDPR processes in small and medium-sized businesses. The need for individualised risk based implementation, coupled with heavy reporting obligations, result in huge burdens that are hardly manageable for small and medium-sized businesses: “The costs for SMEs to implement the GDPR are considerably high and potentially market-distorting. Measured by customer data record or by turnover, an SME is pay thousand times more than global tech companies.” complains Grün.

This situation is worsened by negative news campaigns that fuel fears of huge fines for alleged GDPR infringements. “For example, many business people are even afraid of using data they received from another person who gave them her business card. This is clearly exaggerated if one considers that the privacy regulation permits the lawful processing of personal data when the person can reasonably foresee that data processing will take place” continued Grün.

The European DIGITAL SME Alliance calls to politicians, data protection officers, supervisory authorities and courts to keep a moderate standard in the interpretation of the GDPR and to interpret the law in the interests of both sides.

In view of making the implementation of GDPR more accessible for SMEs, the European DIGITAL SME Alliance has developed its own GDPR trainings for SMEs. Such trainings are designed to suit the needs of digital SMEs. More information can be found here.