Understanding the potential impacts on SMBs of new data protection regulations

The arrival of the General Data Protection Regulation (GDPR) last year and the upcoming implementation of the California Consumer Privacy Act (CCPA) have forced companies to comply with strict new rules on the collection, storage and use of customer data. These rules have since influenced how companies engage with their customers, the tools they use, and how they use them. This legislation, intended to improve the protection of personally identifiable information, applies to every organization.

For small businesses with fewer resources than larger enterprises, complying with strict regulations can be difficult: GDPR applies to databases, marketing, sales, HR, and accounting, meaning any way data is stored or processed falls under these strict regulations. Small businesses are largely behind the curve, with fifty percent of SMBs unfamiliar with GDPR according to a recent survey.

Now that prioritizing privacy and ensuring data protection are growing in importance on a global scale, this statistic is even more alarming and compliance even more important.

Unknowingly noncompliant

For small businesses in particular, navigating compliance in e-commerce and e-commerce-adjacent industries can be especially difficult. Businesses are responsible for how and where their data is stored, and for small businesses or e-commerce companies using third-party software partners, this opens up a host of potential issues: if a third-party partner is not compliant, the small business will still be held accountable for any resulting issues, even if the business itself upholds the regulations.

The average small business owner may not even be aware of this issue, let alone know how to solve it. To understand the issue and avoid potential problems, it is key to work with a trusted partner.

As compliance issues and regulations become increasingly important and complex, ‘Do It for Me’ (DIFM) services and applications to help manage GDPR and CCPA compliance, in addition to other privacy laws, will become critical to the e-commerce ecosystem.

Adapting to more highly regulated environments in 2020

Trusted partners and managed service providers (MSPs) can help small businesses adapt to more highly regulated environments by handling these complex aspects of the business. Outsourcing can help small business owners decrease the risk of privacy or compliance issues, ultimately enabling them to focus their energy and dedicate their time to managing and growing their business.

In addition to outsourcing, small businesses can also follow these top tips:

  • Know third-party counterparts: When deciding to engage with a new vendor, it is paramount to see and understand who will be able to access the data and how: are the channels encrypted, and where is the data stored? When using a product from a third party, be sure to ask whether the vendor developed the product or solution in-house or used parts from elsewhere. If parts were sourced, where did they originate? Did that provider have a robust process in place to ensure all the security boxes were checked before the device went into production? These are key questions to ask before engaging with a company; do not blindly trust a vendor or device.
  • Understand compliance: Understand what compliance means for the business. For example, even if a U.S. business does not have a physical presence in the European Union (EU), it more than likely has a web presence in the EU that collects data over the internet. Engage people in the internal organization, whether a data protection officer (DPO) or the legal team, to be the experts on data protection law and procedures. It is always best to follow the strictest applicable privacy laws rather than only local laws, to help avoid being unknowingly noncompliant.
  • Communicate with customers and users: Educate customers on how their information is used and reiterate that all data will be kept secure. Be sure to update privacy policies and terms of service, and request consent from users before sending them emails. Transparency regarding how customer data is used builds company integrity and emphasizes commitment to consumers and data privacy.
  • Prioritize internal security: Successfully running a company goes beyond ensuring that the product and/or services the small business provides meet data privacy and security requirements for end-users or customers. It is also key to keep the organization itself secure.

For small business owners focused on their customers' information and data, internal security at their own organization might get pushed to the back burner. To make matters worse, small businesses are low-hanging fruit for cyberattacks. To help maintain internal security, small businesses may leverage a trusted partner as well, such as a managed security service provider (MSSP).

MSSPs may be particularly appealing to small businesses with limited budget, staff, or resources to maintain good cybersecurity practices. Security is always a shared responsibility, and MSSPs can help alleviate some of this pressure and ensure security is upheld.

Trusted partners will become even more important in 2020 as regulations become stricter and small businesses must work harder to keep pace.
