I receive a lot of question about SME and the GDPR.
For a lot of them (SMEs) said GDPR is not for me.
So, the reason is: I have less than 250 employees.
I don’t need any service to become compliant that is I receive in my mailbox.
One of them send me a reference to the Belgium Privacy Commission.
Here the link that I receive https://www.privacycommission.be/fr/faq-page/10523#t10523n20421 (french article).
The Belgium Privacy Commission publish a very nice FAQ to explain to no privacy professional what’s they change in 2018 with the GDPR.
But a lot of them don’t know what’s a regulation, it’s an European Law and the law is applicable for everybody this is the principle of an european legislation.
The second some people are not really familiarized with Internet or don’t know how to perform a research on a site.
On this article must help them using the same Belgium Privacy Commission.
1) About Risk Register (Yes, recommandation)
Source : Belgium Privacy Commission link in french https://www.privacycommission.be/fr/les-entreprises-et-organisations-de-moins-de-250-employ%C3%A9s-doivent-elles-tenir-un-registre
Recommandation of BPC is : we recommand to all SME to have a light version about this register.
2) About The DPO (yes, recommandation)
Obligation to have a DPO :
source BPC : https://www.privacycommission.be/fr/node/19293
Simple Faculty so this need to refer to the national law : https://www.privacycommission.be/fr/node/19297
3) SME obligations
The source BPC : https://www.privacycommission.be/fr/node/19236
So now the anwser is YES SME like Multinational must be ready for GDPR.
in resume :
Now that everyone has been talking about it since hackers publishes intimate photos etc on social networks and that the number of computer attacks explodes then it interests, but often people do not realize the danger that make to their client but also to their business.
A serious company is a company that takes care of the data of these customers and will make every effort to protect it and the data that these customers entrust to them.
Therefore this article is to remind that the GDPR is not new, and that it is a law so it applies to all. And as it is said, no one is supposed to ignore the law.
Semago can help you to put in place the best practice for managing the privacy and starting with a gouvernance in your SME.