Jun 21 2018

GDPR for SMBs: Preparedness, Privacy, & Protection

Recently, our friends at Razor Technology hosted a joint interview with Layer 8 Security to discuss what the General Data Protection Regulation (“GDPR”) means for SMBs. Our Managing Director, Kevin Hyde, and their Director of Technology Solutions, Tom Reynolds, provided their insights in a blog post on the Razor Tech website.

What are some ways SMBs can prepare to comply with the GDPR?

Kevin Hyde: Companies need to have some mechanism through which data is accessible and they need to go beyond what was acceptable in the past to ensure GDPR compliance. If a company is unsure about what level of protection they need or how to get started, they should work with a data protection solutions provider to meet compliance needs. We approach GDPR compliance for our clients by first reducing the scope of what a company is responsible for: find the minimum requirements that apply to your business, learn what it takes to pull and provide data to individuals, establish a way of knowing if data gets out into the wild. GDPR requirements are really the basic building blocks of an information security policy, and we want to emphasize that businesses must take a layered approach to satisfying these needs.

Companies should also ensure a framework for accountability and risk management. GDPR needs to be handled out of the CFO, CEO, or general counsel office; upper-level management must ask itself what risks the company faces, what information security framework they’re willing to put in place, and who owns and enforces this process. Creating accountability for managing risk is important, which is why C-level involvement is crucial, even if management does not own the whole process. There are tough questions to answer, but every business that the GDPR applies to must answer them.

Tom Reynolds: The biggest thing to recognize is that GDPR compliance is not a technology-driven effort, and information security in general shouldn’t be tech-driven. Smaller businesses don’t often understand this, so the GDPR will probably drive this idea home. If an SMB has any doubts about their security measures, they must bring in someone that has experience and can help—there’s just too much at risk.

To read the rest of the interview, check out the blog post on Razor Technology’s website at https://www.razor-tech.com/blog/gdpr-for-smbs-preparedness-privacy-protection

Do you need help deciding if your business is GDPR-ready? With the help of our partners at Razor Technology, Layer 8 Security offers GDPR preparedness guidance along with data security and protection services. Contact us today to learn what your responsibility is in this new regulation and how you can build a secure data program that meets your business’s needs.