The GDPR came into force in May 2018 with a blaze of publicity, but 3 years on, many businesses are still unclear about how exposed they are to GDPR-related sanctions. The vast majority of business leaders believe that it is essential to comply with the GDPR, especially as companies can risk crippling fines. Indeed, while many companies did act when the regulation came into force, this was often to cover only the absolute minimum areas of compliance. Their risk of sanctions has therefore not disappeared.
But how can companies, and SMEs in particular, really understand how exposed they are to fines and what they should do about it?
cyberwatching.eu has launched the GDPR Temperature Tool to help European SMEs understand just how exposed they are to sanctions or fines. After a company answers a set of questions on its data processing activities, the tool provides an indication, or temperature, of the company’s risk of sanctions. The higher the temperature, the higher the risk. In addition, a free, customised set of practical and actionable recommendations is provided.
The whole process takes around 15 minutes, so it is well worth the time, especially as the recommendations come directly from ICT Legal Consulting, a law firm with plenty of expertise in the area.
“The GDPR temperature is an awareness tool which helps SMEs, through a practical self-assessment, to understand their exposure to risk of sanctions due to GDPR violations and act accordingly in order to improve their compliance posture,” says Paolo Balboni, the lead creator of the tool and founder of ICT Legal Consulting, a partner in cyberwatching.eu.
The need for a more proactive rather than reactive approach is echoed by Sebastiano Tofaletti, Secretary General of the Digital SME Alliance, which is also a partner in the cyberwatching.eu project. “GDPR rules are setting the global standard for personal data protection. European digital SMEs are at the forefront of these developments, extending GDPR-compliant solutions to all economic sectors. However, the SMEs in more traditional sectors reportedly lack the understanding of GDPR and look for solutions only after the breach happens. Thus, it is very important for every SME to have simple means of evaluating the compliance and risk of sanctions, and to understand the need for further assistance before any violation occurs.”
The tool can be used as an important preliminary step for SMEs to facilitate their understanding of where they stand with respect to the GDPR in terms of “risks to sanctions”. Balboni stresses, though, that SMEs should not only evaluate the risk of sanctions but, complementarily and more importantly for compliance purposes, are also requested to assess the risks that their data processing activities pose to individuals.
“Assessing risk is an essential process that all companies need to take action on. Risks vary in likelihood and severity for rights and freedoms of natural persons posed by the relevant processing activities. It’s vital for companies to keep on top of this and design data processing activities that are legally and ethically respectful of individuals.”